A few before_filter instructions for correct_user and admin

I have a group resource that I am trying to configure with the appropriate permissions.

The authorization logic I'm trying to implement is this:

  • Only group members should be able to view their group.
  • The administrator can view any group, as well as perform other actions.

I am trying to do this with the following before_filter statements in a group controller:

    before_filter :signed_in_user
    before_filter :correct_user, only: :show
    before_filter :admin_user, only: [:show, :index, :edit, :update, :destroy]

correct_user works, as I checked that only members of the group can view their group. However, I want the admin_user :show statement to override this so that the administrator can view any group. This is currently not working. I assume that I have something wrong with the filter settings.

Can someone tell me where I went wrong?

EDIT

Adding my method code at Amar's request:

    private

    def correct_user
      # User has to be a member to view
      @group = Group.find(params[:id])
      redirect_to(root_path) if @group.members.find_by_member_id(current_user).nil?
    end

    def admin_user
      redirect_to(root_path) unless current_user.admin?
    end
1 answer

Update the correct_user method, or create another method with the following definition, remove :show from the other filter, and add a before_filter using the new method.

    def correct_user
      @group = Group.find(params[:id])
      redirect_to(root_path) if @group.members.find_by_member_id(current_user).nil? && !current_user.admin?
    end
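Added example (not code from the question or the answer): a Rails-free Ruby model of the filter chain, comparing who reaches :show under the question's filters and under the answer's change. The User struct, FILTERS table, run_chain and access_matrix are hypothetical stand-ins; the only Rails behaviour assumed is that a before filter which redirects halts the chain, so every applicable filter must pass.

```ruby
# Minimal stand-in for a Rails before_filter chain (not Rails itself):
# filters run in order and the first one that redirects halts the request.
User = Struct.new(:name, :admin, :group_ids) do
  def admin?; admin; end
  def member_of?(group_id); group_ids.include?(group_id); end
end

# Each filter returns true when it would call redirect_to(root_path).
FILTERS = {
  correct_user:          ->(u, gid)  { !u.member_of?(gid) },
  admin_user:            ->(u, _gid) { !u.admin? },
  correct_user_or_admin: ->(u, gid)  { !u.member_of?(gid) && !u.admin? } # answer's check
}

# Question's setup: both filters apply to :show.
ORIGINAL = [[:correct_user, [:show]],
            [:admin_user, [:show, :index, :edit, :update, :destroy]]]
# Answer's setup: :show removed from admin_user, combined check on :show.
FIXED = [[:correct_user_or_admin, [:show]],
         [:admin_user, [:index, :edit, :update, :destroy]]]

# Returns :ok, or the name of the filter that halted the chain.
def run_chain(chain, action, user, group_id)
  chain.each do |name, actions|
    next unless actions.include?(action)
    return name if FILTERS.fetch(name).call(user, group_id)
  end
  :ok
end

# Constructed sample users; group 1 is the group being requested.
USERS = [
  User.new("member",       false, [1]),
  User.new("admin",        true,  []),
  User.new("member_admin", true,  [1]),
  User.new("outsider",     false, [])
]

# Maps each sample user to the outcome of requesting `action` on group 1.
def access_matrix(chain, action)
  USERS.to_h { |u| [u.name, run_chain(chain, action, u, 1)] }
end

if __FILE__ == $PROGRAM_NAME
  puts "original :show => #{access_matrix(ORIGINAL, :show)}"
  puts "fixed    :show => #{access_matrix(FIXED, :show)}"
  puts "fixed    :edit => #{access_matrix(FIXED, :edit)}"
end
```

A matrix like this translates directly into controller tests: one request per role and action, asserting a redirect or a success.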

Source: https://habr.com/ru/post/913175/

