我想允许正确的用户或管理员用户删除模型。我该如何设置?
控制器
before_filter :correct_user, only: [:edit, :update, :destroy]
before_filter :admin_user, only: :destroy
...
private
def signed_in_user
unless signed_in?
store_location
redirect_to signin_path, notice: "Please sign in."
end
end
def correct_user
if (Event.find(params[:id]).user_id != current_user.id)
redirect_to events_path, :notice => "You do not own this event"
end
end
def admin_user
redirect_to(root_path) unless current_user.admin?
end
目前,用户需要同时是模型的管理员和所有者。我想有一个或许可安排。