I'm want to restrict access to an object show action to the owner
in my action I have this
def show
@thing = Thing.find(params[:id])
if current_user && @thing.owner == current_user
respond_to do |format|
format.json { render :json => @thing }
end
else
render :status => :forbidden, :text => "API requires
authentication for the minute."
end
end
Which works in the browser, however when running functional tests even
though @thing.owner is the same user as current_user it is not the
same object so the comparison fails as I see it I have a few options
but wanted to try and gauge what people feel is the best way
1) adjust the test setup so the logged in user is the same object and
the comparison returns true (I have no idea how I would go about doing
this)
2) just do current_user.id == @thing.owner.id, this seems like the
most obvious and easiest but somehow less elegant
3) write my own comparison method on my user class, either:
def is_equal_to user(user)
return user.id == self.id
end
or:
def is_current_user
return current_user.id == self.id
end
4) something else I haven't thought about
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
