Skip to content

Instantly share code, notes, and snippets.

@x1wins
Last active December 12, 2019 14:53
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save x1wins/0d3f0058270cef37b2d3f25a56a3745d to your computer and use it in GitHub Desktop.
Save x1wins/0d3f0058270cef37b2d3f25a56a3745d to your computer and use it in GitHub Desktop.
model user_id onwer check
class ApplicationController < ActionController::Base
def is_owner user_id
unless user_id == current_user.id
render json: nil, status: :forbidden
return
end
end
def is_owner_object data
if data.nil? or data.user_id.nil?
return render status: :not_found
else
is_owner data.user_id
end
end
end
class ArticlesController < ApplicationController
before_action :authenticate_user!, only: [:new, :update, :destroy]
before_action :set_article, only: [:show, :edit, :update, :destroy]
before_action only: [:edit, :update, :destroy] do
is_owner_object @article
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment