Fernando
Reputation: 4629
Rails 3: validate that a record belongs to user
I have a HABTM relationship between Products and Categories. Those Categories belongs to a user.
At my product form, I only show checkboxes for the current user. But i want to validate this on model too, so users can't fake POST variables and assign it to invalid categories.
How can i do such validation?
Example: given a category_id 5, i have to check if this category belongs to current_user.id ( provided by devise ).
Thanks.
Upvotes: 2
Views: 778
Answers (1)
caulfield
Reputation: 1373
You can add attr_accessor: creator_id to your Post model. (creator_id is not in database )
And send current_user.id from form to Post's creator_id.
Then use model callbacks. For example after_validation:
after_validation do
if User.find(creator_id).categories.pluck(:id).include?(category_id)
true
else
errors.add :category, "is invalid for user"
end
end
Upvotes: 1
Related Questions
- How to validate a belongs_to field's model field
- Rails, can validate a user crating a record is admin, from the model?
- Validate that belongs_to is in allowed values
- How to validate that foreign key value belongs to current user?
- What is the best way to validate a foreign key association in Rails belongs to current user
- Check if record doesn't belong to user
- helper method to check if a record is owned by the current user in rails
- rails validate a belongs_to relation
- Is there a better way to validate associated record in rails3
- Rails 3 ActiveRecord validation based on user permissions