Check a user is author of post before edit or delete

Philip Benton September 24, 2018 12:11pm

Hi all,

What is the best way to check a user (current_user) owns a post before edit or delete?

I have a Post model with a has_one relationship to the User model, user_id is set. The logged in user is stored within current_user.

Is it as simple as writing a method such as:

def is_author?
    redirect_to root_path unless @post.user == current_user
end

and using a before_action:

before_action :is_author?, only: [:edit, :update, :destroy]

Jacob Montgomery September 24, 2018 2:17pm

Hey Philip,

Yes, that's fine to do.

I personally prefer to just check by @post.user_id as opposed to @post.user as it will most likely have to hit the DB to fetch the user object, whereas @post.user_id == current_user.id won't need to.

Philip Benton September 24, 2018 5:20pm

Thanks Jacob, that makes more sense.

Courses

Rails for Beginners

Advanced Ruby: Behind the Magic

Payments with Rails Master Class

Refactoring Rails

Apps

Hatchbox.io

Jumpstart Rails SaaS Template

Other

Remote Ruby Podcast

Rails Hackathon

Beginner Bounties

Ruby on Rails Job Board

Notifications

Check a user is author of post before edit or delete

Want to stay up-to-date with Ruby on Rails?