@Tasha25
Created November 14, 2013 01:19
Having people not get to the edit page unless authorized
Nothing to add
This is in app> application_controller.rb
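class ApplicationController < ActionController::Base
  # Reject state-changing requests that lack a valid CSRF token.
  protect_from_forgery

  private

  # Returns the signed-in user, or nil when the session holds no user id.
  # The lookup is memoized so the database is queried once per request.
  def current_user
    if session[:user_id]
      if @current_user.nil?
        @current_user = User.find(session[:user_id])
      end
    end
    return @current_user
  end
  # Make current_user callable from views as well as controllers.
  helper_method :current_user
end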
##This is in the cases_controller
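def edit
  @case = Case.find(params[:id])
  # Only the owner of the case may see the edit form.
  # The same check is needed on update and destroy; guarding edit alone
  # only hides the form, it does not stop a direct request to those actions.
  if @case.user != current_user
    flash[:notice] = "You are not authorized to edit"
    redirect_to root_path
  end
end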
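
The ownership check above, moved into one filter that runs before edit, update and destroy, as an added example that is not part of the original gist. It is a plain-Ruby model so it runs without Rails: `User`, `Case`, `CASES`, `process` and `require_owner` are constructed stand-ins, and in a Rails controller the filter would be registered with `before_filter` (`before_action` on Rails 4+).

```ruby
# Added example: plain-Ruby model of the gist's ownership check (no Rails needed).
# User, Case, CASES and this CasesController are constructed stand-ins.
User = Struct.new(:id)
Case = Struct.new(:id, :user, :title)
CASES = {} # constructed in-memory "table"

class CasesController
  # In Rails: before_filter :require_owner, only: GUARDED (before_action on 4+).
  GUARDED = [:edit, :update, :destroy].freeze

  attr_reader :flash

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
    @flash = {}
    @response = nil
  end

  # Runs the filter first; the action body runs only if the filter did not respond.
  def process(action)
    require_owner if GUARDED.include?(action)
    @response ||= send(action)
  end

  private

  # Refuses when nobody is signed in, even if the case itself has no owner
  # (a bare `@case.user != current_user` would let nil == nil through).
  def require_owner
    @case = CASES.fetch(@params[:id])
    return if @current_user && @case.user == @current_user
    @flash[:notice] = "You are not authorized to edit"
    @response = [:redirect, "/"]
  end

  def edit
    [:render, :edit]
  end

  def update
    @case.title = @params[:title]
    [:redirect, "/cases/#{@case.id}"]
  end

  def destroy
    CASES.delete(@case.id)
    [:redirect, "/cases"]
  end
end
```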