・Ruby 2.5.7 ・Rails 188.8.131.52
I want to give only the author the right to edit and delete
CRUD processing was done! However, if it is left as it is, all posts can be edited and deleted. I want to give edit and delete permissions only to the contributor.
Use the following method to protect user posts
unless means that it is not. In the following, This means that if the received user ID does not match the logged-in user (current_user) ID, the process is not executed and a redirect is returned.
Call the method with ##before_action to complete! ! ! before_action is executed before all controller actions are executed. This time I only want to edit and delete, so I only edit, update and destroy.