ruby on rails - Limit access specific column depending on which user is logged in -
i have created following table users publish articles:
create_table "article", force: true |t| t.boolean "approved", default: false t.string "content", t.integer "category_id", t.string "title" end
now want limit access 1 column. regular users can edit article fields (content, category_id, title
) cannot edit column approved
. column approved
can edited administrator.
i followed michael hartl's tutorial , i've done authorization of users. have helper have method can check logged in user administrator logged_in_user.admin
gives me true or false.
how can secure table prevent regular users bad intentions change approved
column?
assuming have article_params
method in articlescontroller
. modify below :
def article_params if logged_in_user.admin params.require(:article).permit(:approved, :content, :category_id, :title) else params.require(:article).permit(:content, :category_id, :title) end end
if logged_in_user
admin
allow approved
attribute saved in database. make sure permit params using article_params
method while creating/updating article.
Comments
Post a Comment