roram

Reputation: 37

Only allow logged in/current users to edit their own post

I have a table of posts in which users log into the application and can post an item. Ideally, I would like to have users edit only their own post and no one else's. So far, I have it so that users are able to edit posts, but also edit others'.

This is what I think I need to get fixed from index.html.erb file:

<td><%= review.review %> (<% if current_user%><%= link_to 'Edit', edit_review_path(review)%><%end%>)</td>

Upvotes: 2

Views: 271

Answers (1)

Sebastián Palma

Reputation: 33420

You can use something like:

<% if user_signed_in? && current_user.id == @review.user_id %>

This says: check if the user is already logged in, and check if the current_user is the owner of the review, by comparing the current_user id with the id of the owner of that review.

So you can try:

<td>
  <%= review.review %>
  <% if user_signed_in? && current_user.id == review.user_id %>
    <%= link_to 'Edit', edit_review_path(review) %>
  <% end %>
</td>

You can also create a method and use it as a before_action to check for the match between the current_user and the owner of the review, but I think the view "validation" could be enough.

Upvotes: 3
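The before_action option mentioned in the answer above, as an added example that is not part of the original answer: the view condition only controls whether the Edit link is rendered, while the edit and update routes still answer direct requests, so the same ownership test is enforced before those actions run. It is a plain-Ruby stand-in so it runs without Rails; `User`, `Review`, `ReviewsController`, `owner?`, `authorize_owner!` and the sample rows are hypothetical.

```ruby
# Plain-Ruby stand-in for a Rails controller so it runs without Rails.
# User, Review, ReviewsController, owner? and authorize_owner! are hypothetical names.
User   = Struct.new(:id)
Review = Struct.new(:id, :user_id, :review)

class NotAuthorized < StandardError; end

class ReviewsController
  # Constructed sample rows standing in for the reviews table.
  REVIEWS = {
    1 => Review.new(1, 10, "Great item"),
    2 => Review.new(2, 20, "Not for me")
  }
  GUARDED = %i[edit update].freeze # actions a Rails before_action would cover

  def initialize(current_user)
    @current_user = current_user # nil when nobody is signed in
  end

  # Same condition as the view: signed in AND owner of this review.
  def owner?(review)
    !@current_user.nil? && @current_user.id == review.user_id
  end

  # Mimics Rails dispatch: load the record, run the guard, then the action.
  def process(action, params)
    @review = REVIEWS.fetch(params[:id])
    authorize_owner! if GUARDED.include?(action)
    public_send(action, params)
  rescue NotAuthorized
    :forbidden
  rescue KeyError
    :not_found
  end

  def edit(_params)
    :edit_form
  end

  def update(params)
    @review.review = params[:review]
    :updated
  end

  private

  def authorize_owner!
    raise NotAuthorized unless owner?(@review)
  end
end
```

In a Rails controller the guard would be registered with `before_action :authorize_owner!, only: [:edit, :update, :destroy]`, and the view would keep using the same condition to decide whether to show the link.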
