MKK

Reputation: 2753

How to permit creator to destroy his own record with Devise on Rails3

When the user is logged in, only the user who created the record can destroy his own record. What should I add to the code below?

  def destroy
    @topic = Topic.find(params[:id])
    @topic.destroy
    flash[:notice] = "topic deleted!"
  end

Upvotes: 0

Views: 173

Answers (1)

Tigraine

Reputation: 23648

What you are looking for is not really Devise but an authorization solution like CanCan.

Devise can only authenticate users and verify that they are logged in and active. What you need is a way to determine if the user has the right to delete this topic or not.

You can of course roll your own like this:

  def destroy
    @topic = Topic.find(params[:id])
    if @topic.user_id == current_user.id
      @topic.destroy
      flash[:notice] = "topic deleted!"
    else
      flash[:error] = "not allowed"
    end
  end

(The code assumes you have a belongs_to :creator, :class_name => :user association set up in your Topic, but you get the idea.)

But using something like CanCan will make your life a whole lot easier and would reduce the code to something like this:

  def destroy
    @topic = Topic.find(params[:id])
    authorize! :destroy, @topic
    @topic.destroy
    flash[:notice] = "topic deleted!"
  end

With your ability file (See defining abilities) set up like this:

  can :manage, Topic, :owner_id => user.id

Upvotes: 1
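A plain-Ruby sketch of what the ownership rule in the answer above enforces, added here as an example; it is not part of the original answer and is not CanCan's own code. The `Ability` class, `destroy_topic` helper, `Struct` stand-ins and in-memory `store` are assumptions for illustration; `owner_id` follows the answer's ability line.

```ruby
# Added example: simplified ownership rule, not CanCan's implementation.
class AccessDenied < StandardError; end

Topic = Struct.new(:id, :owner_id)   # constructed stand-in for the model
User  = Struct.new(:id)              # constructed stand-in for current_user

class Ability
  def initialize(user)
    @rules = []
    # A guest (user is nil) gets no rules, so every action is denied.
    can :manage, Topic, owner_id: user.id if user
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # A rule matches when the action fits (:manage covers all actions),
  # the record is of the rule's class, and every condition attribute
  # on the record equals the value captured from the current user.
  def can?(action, record)
    @rules.any? do |rule_action, klass, conditions|
      (rule_action == :manage || rule_action == action) &&
        record.is_a?(klass) &&
        conditions.all? { |attr, value| record.public_send(attr) == value }
    end
  end

  def authorize!(action, record)
    raise AccessDenied, "not allowed to #{action}" unless can?(action, record)
  end
end

# Controller-shaped helper: the check runs before the destructive call,
# so a denied request leaves the record untouched.
def destroy_topic(store, current_user, id)
  topic = store.fetch(id)
  Ability.new(current_user).authorize!(:destroy, topic)
  store.delete(id)
  :deleted
rescue AccessDenied
  :forbidden
end
```

The record id comes from the request, so the check has to compare the record's owner to the authenticated user on the server for every destructive action, including for requests with no logged-in user.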
