[Ruby] I want to give only the author the right to edit and delete

less than 1 minute read

version

・Ruby 2.5.7 ・Rails 5.2.4.3

I want to give only the author the right to edit and delete

CRUD processing was done! However, if it is left as it is, all posts can be edited and deleted. I want to give edit and delete permissions only to the contributor.  Screenshot 2020-08-07 11 24 11

Use the following method to protect user posts

unless means that it is not. In the following, This means that if the received user ID does not match the logged-in user (current_user) ID, the process is not executed and a redirect is returned. Screenshots 2020-08-07 11 33 46

Call the method with ##before_action to complete! ! ! before_action is executed before all controller actions are executed. This time I only want to edit and delete, so I only edit, update and destroy. Screenshots 2020-08-07 11 33 58