0

我有两个模型用户和促销,用户可以创建 has_many 促销和促销属于用户,对于我使用的用户设计

当我删除促销时,我希望用户也不能删除其他用户的促销,而只能删除他们自己的促销

我必须更改控制器,但如何?我希望有所帮助

这是销毁促销的控制器

def destroy
@promotion = Promotion.find(params[:id])
@promotion.destroy
#@promotion = current_user.promotions.destroy

respond_to do |format|
  format.html { redirect_to promotions_url, notice:'Promotion was successfully delete.' }
  format.json { head :ok }
 end
 end
end

请对不起我的英语!

4

1 回答 1

0

交叉检查 是否current_user也是 的创建者@promotion

def destroy
  @promotion = Promotion.find(params[:id])
  if @promotion.user == current_user #if user is the owner of that promotion
    @promotion.destroy
    respond_to do |format|
      format.html { redirect_to promotions_url, notice:'Promotion was successfully delete.' }
      format.json { head :ok }
    end
  else
    redirect_to root_path
  end
end
于 2013-05-16T20:28:19.617 回答