Question

我有两个型号User和Promotion，用户可以创建has_many促销和促销属于用户，对于我使用设计的用户：

当我删除促销时，我希望用户也无法删除其他用户的促销信息，但只能删除自己

我必须更换控制器但是如何？我希望能得到帮助

这是销毁促销的控制者

def destroy
@promotion = Promotion.find(params[:id])
@promotion.destroy
#@promotion = current_user.promotions.destroy

respond_to do |format|
  format.html { redirect_to promotions_url, notice:'Promotion was successfully delete.' }
  format.json { head :ok }
 end
 end
end

对不起我的英语！

Answer 1

如果current_user也是@promotion的创建者，则交叉检查：

def destroy
  @promotion = Promotion.find(params[:id])
  if @promotion.user == current_user #if user is the owner of that promotion
    @promotion.destroy
    respond_to do |format|
      format.html { redirect_to promotions_url, notice:'Promotion was successfully delete.' }
      format.json { head :ok }
    end
  else
    redirect_to root_path
  end
end

Rails设计和has_many与促销权限的关联

1 个答案: