2010/1/10 Alberto Lopez <[email protected]>: > Leonardo Mateo wrote: >> On Sun, Jan 10, 2010 at 11:30 AM, Alberto Lopez <[email protected]> >> wrote: >>> Hello, How can I do, when a user make a post, he only can edit his >>> posts? >>> >> Check for the owner of the post on the edit action? > > Exactly, if you have an user on my website an post anything, you will > edit or destroy only your posts.
I think that Leonardo meant that in the edit and destroy actions you should test that the current user is the owner of the post and not allow the action to proceed if not the owner. Colin
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
