在我的 Rails 应用程序中,我users
有谁可以拥有很多projects
,而后者又可以拥有很多invoices
.
如何确保用户只能为他的一个项目创建发票,而不能为另一个用户的项目创建发票?
class Invoice < ActiveRecord::Base
attr_accessible :number, :date, :project_id
validates :project_id, :presence => true,
:inclusion => { :in => ????????? }
end
谢谢你的帮助。
class InvoicesController < ApplicationController
def new
@invoice = current_user.invoices.build(:project_id => params[:project_id])
end
def create
@invoice = current_user.invoices.build(params[:invoice])
if @invoice.save
flash[:success] = "Invoice saved."
redirect_to edit_invoice_path(@invoice)
else
render :new
end
end
end