ruby on rails - Limit access specific column depending on which user is logged in -


i have created following table users publish articles:

create_table "article", force: true |t|     t.boolean  "approved",          default: false     t.string   "content",     t.integer  "category_id",     t.string   "title" end 

now want limit access 1 column. regular users can edit article fields (content, category_id, title) cannot edit column approved. column approved can edited administrator.

i followed michael hartl's tutorial , i've done authorization of users. have helper have method can check logged in user administrator logged_in_user.admin gives me true or false.

how can secure table prevent regular users bad intentions change approved column?

assuming have article_params method in articlescontroller. modify below :

  def article_params     if logged_in_user.admin         params.require(:article).permit(:approved, :content, :category_id, :title)     else         params.require(:article).permit(:content, :category_id, :title)     end   end  

if logged_in_user admin allow approved attribute saved in database. make sure permit params using article_params method while creating/updating article.


Comments

Popular posts from this blog

Android layout hidden on keyboard show -

google app engine - 403 Forbidden POST - Flask WTForms -

c - Why would PK11_GenerateRandom() return an error -8023? -