Rails & Devise: how to authenticate a specific user?

Question

Rails & Devise: how to authenticate a specific user?

This is the first time I'm using Devise with rails, and I'm having problems with one thing: I used the provided authenticate_user! method authenticate_user! in my user controller to restrict access to such pages: before_filter :authenticate_user!, :only => [:edit, :show, :update, :create, :destroy]

But this allows any subscribed user to access any other user actions :edit , which I want to limit only to this user. How can I do it?

+4

authentication ruby-on-rails-3 devise

Ankit soni Jul 26 '11 at 11:59

source share

2 answers

You must log in to an authorization such as CanCan. Or, alternatively, create a new method:

 # Create an admin boolean column for your user table. def authenticate_admin! authenticate_user! and current_user.admin? end

+3

Zach inglis Jul 26 '11 at 12:02

source share

Dex · Accepted Answer · 2011-07-26T12:04:51+0000

In your editing method, you need to check to see if the user owns the entry:

 def edit @record = Record.find(params[:id]) if @record.user == current_user @record.update_attributes(params[:record]) else redirect_to root_path end end

Rails & Devise: how to authenticate a specific user?

More articles: