Authentication and user permission

Question

Asked 7 years, 11 months ago

Viewed 357 times

0

Hello. I am setting up a system for registration and update, it would work as follows

User logs in and receives a screen to edit their own registration, only.

But I’m having a doubt. As I’m new at Rails, I have come to know tools for authorization and authenticity now, such as the.

Consider the following url

host/partner/id/edit

How to make only the user who has the same url id be able to edit this record?

Example: host/partner/200/edit - only the user with id 200 could have access to this page.

It’s doubtful stupid, but as I said, I’m a beginner in Rails.

Thanks.

1 answer

Browser other questions tagged ruby-on-rails

You are not signed in. Login or sign up in order to post.

by Alex Takitani • **1,060** points · Answer 1 · 2016-12-13T12:45:41+00:00

You don’t have to use Pundit for that if you don’t want to learn now.

I imagine the user Log with the Target already, right?

Therefore, a simple

redirect_to root_path, error: "Sem acesso" if params[:id] != current_user.id

in a before_action in the controller, solves your problem.