On 11 February 2011 22:40, msaspence <[email protected]> wrote:
> I want to restrict access to an object show action to the owner
>
> in my action I have this
>
> def show
>    @thing = Thing.find(params[:id])
>    if current_user && @thing.owner == current_user

Not related to your problem, but just pointing out that you might be
better to use a :conditions option in the find so that it only finds
the current user's things in the first place. Then put this in a named
scope in the Thing model and the above reduces to something like
@thing = Thing.current_users_things.find(params[:id])

Colin


>      respond_to do |format|
>        format.json  { render :json => @thing }
>      end
>    else
>      render :status => :forbidden, :text => "API requires
> authentication for the minute."
>    end
> end
>
> Which works in the browser; however, when running functional tests, even
> though @thing.owner is the same user as current_user, it is not the
> same object, so the comparison fails. As I see it I have a few options
> but wanted to try and gauge what people feel is the best way
>
> 1) adjust the test setup so the logged in user is the same object and
> the comparison returns true (I have no idea how I would go about doing
> this)
>
> 2) just do current_user.id == @thing.owner.id, this seems like the
> most obvious and easiest but somehow less elegant
>
> 3) write my own comparison method on my user class, either:
>
> def is_equal_to_user(user)
>  return user.id == self.id
> end
>
> or:
>
> def is_current_user
>  return current_user.id == self.id
> end
>
> 4) something else I haven't thought about
>

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en.
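
Added example, not part of the thread: a plain-Ruby sketch of the two ideas discussed above, id-based user equality (option 3) and an owner-scoped lookup (the named-scope suggestion), so another user's record is never loaded in the first place. `ThingStore`, `owned_by`, `show_thing` and the sample rows are constructed stand-ins for illustration, not Rails APIs.

```ruby
# Constructed stand-ins for the thread's User and Thing models (plain Ruby, no Rails).
class User
  attr_reader :id

  def initialize(id)
    @id = id
  end

  # Option 3 from the thread: separately loaded instances are equal when ids match.
  def ==(other)
    other.instance_of?(self.class) && !id.nil? && other.id == id
  end
end

Thing = Struct.new(:id, :owner_id, :name)

class NotFound < StandardError; end

# In-memory stand-in for the things table.
class ThingStore
  def initialize(rows)
    @rows = rows
  end

  # Owner-scoped view: rows belonging to other users are not reachable from it.
  def owned_by(user)
    ThingStore.new(@rows.select { |t| t.owner_id == user.id })
  end

  # Accepts integer or string ids (request parameters arrive as strings).
  def find(id)
    @rows.find { |t| t.id.to_s == id.to_s } || raise(NotFound)
  end
end

# Hypothetical show action returning [status, record].
def show_thing(store, current_user, id)
  return [:forbidden, nil] if current_user.nil?

  # The ownership check lives in the lookup, so there is no separate comparison to forget.
  [:ok, store.owned_by(current_user).find(id)]
rescue NotFound
  [:not_found, nil]
end

# Constructed sample rows: thing 1 belongs to user 10, thing 2 to user 20.
STORE = ThingStore.new([Thing.new(1, 10, "alice's"), Thing.new(2, 20, "bob's")])
```

With the scoped lookup, a request for someone else's record is indistinguishable from a request for a record that does not exist.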
