ruby on rails - Url security trouble -
i know that's old question, don't understand why code, worked half year ago doesn't work. want make owners can have access posts. thaught written this:
def create @post = current_user.posts.new params[:post] if @post.save flash[:notice] = 'post created' redirect_to @post else render :new end end and in edit , others controllers
def edit if (current_user.id == @post.user_id) @post = post.find params[:id] else flash[:notice] = 'you not owner!' end end| but in views get, when i'm logged in:
undefined method `user_id' nil:nilclass where problem ?
def edit # @post nil unless set in before filter. if (current_user.id == @post.user_id) @post = post.find params[:id] else flash[:notice] = 'you not owner!' end end you should find post first.
def edit @post = post.find params[:id] if (current_user.id != @post.user_id) flash[:notice] = 'you not owner!' end end
Comments
Post a Comment