Authentication and user permission


Hello. I'm setting up a system for registration and updating; it would work as follows:

The user logs in and receives a screen to edit only his own record.

But I have a question. As I am new to Rails, I have been getting tools for authorization and authentication now, such as Devise and Pundit.

Consider the following url

host/partner/id/edit

How to make only the user who has the same id of the url be able to edit this record?

Example: host/partner/200/edit - only the user with id 200 could have access to this page.

It is doubtful, but as I said, I am a beginner in Rails.

Thank you.

    
asked by anonymous 12.12.2016 / 21:57

1 answer


You do not have to use Pundit for this, if you do not want to learn it now.

I imagine the user already logs in with Devise, right?

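So, a simple

    # params[:id] is a String and current_user.id an Integer, so convert before comparing; a custom flash key goes under flash:
    redirect_to root_path, flash: { error: "Sem acesso" } if params[:id].to_i != current_user.id

in a controller before_action solves your problem.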

    
13.12.2016 / 13:45
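
The ownership check from the answer, as an added example (not code from the answer) in plain Ruby with stand-ins for Rails so it runs on its own: `PartnerController`, `route_id`, `require_owner` and `request_as` are hypothetical names, and `current_user` stands in for Devise's helper. It parses the `:id` segment strictly and runs the guard before `update` as well as `edit`, since the form's submit URL carries the same id.

```ruby
# Plain-Ruby stand-ins for the Rails pieces (constructed for this example).
User = Struct.new(:id)

# Hypothetical helper: strict parse of the :id route segment.
# Returns an Integer, or nil unless the segment is a plain positive decimal.
# (String#to_i alone would turn "200abc" into 200.)
def route_id(raw)
  s = raw.to_s
  s.match?(/\A[1-9]\d*\z/) ? s.to_i : nil
end

# Hypothetical minimal controller mimicking before_action + redirect_to.
class PartnerController
  attr_reader :params, :current_user, :response

  def initialize(params, current_user)
    @params = params
    @current_user = current_user # what Devise's current_user would return
    @response = nil
  end

  # Runs the guard first; the action only runs if the guard did not respond.
  def process(action)
    require_owner
    @response ||= public_send(action)
  end

  def edit
    [:render, "edit partner #{current_user.id}"]
  end

  def update
    [:render, "updated partner #{current_user.id}"]
  end

  private

  # Deny unless a user is signed in and the URL id is exactly their own id.
  def require_owner
    return if current_user && route_id(params[:id]) == current_user.id
    @response = [:redirect, "/", { error: "Sem acesso" }]
  end
end

# Simulates one request: signed-in user id (or nil), action, raw :id segment.
def request_as(user_id, action, id_segment)
  PartnerController.new({ id: id_segment }, user_id && User.new(user_id)).process(action)
end
```
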