[Rails] Rails 3, help controlling access to a record based on the user id

Ruby on Rails Sunday, September 5, 2010

Hello, I'm a Rails newbie.... Here's what I'm trying to do....

I created a scaffold for notes (t.text :content, t.integer :user_id)
What I want to do now is only allow user's to view notes that they
created. ie (== user_id)

In my /app/controllers/notes_controller.rb

I have the following:

class NotesController < ApplicationController
before_filter :authenticate
before_filter :correct_user
.
.
.
def correct_user
@noteuserid = Note.find(:conditions=>["note.user_id=?",
@noteuserid])
redirect_to(root_path) unless current_user?(@noteuserid)
end

I'm having problems understanding how to write the following line:
@noteuserid = Note.find(:conditions=>["note.user_id=?", @noteuserid])

Right now I'm using the system in the Rails 3 Tutorial Book:
railstutorial.org/chapters/sign-in-sign-out#sec:current_user

Seems like the problem is current_user is an object, not an ID... Not
sure how to make the two comparable?

Thanks

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 4:07 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)