Path security and before_filters in Rails


I am currently building an app where users can create jobs and apply for them. However, I'm fairly new to this and I'm facing a significant security issue, for example:

  localhost:3000/users/user_id/apps

Then they can see any application made by any user for any job!

I'm pretty sure that a before_filter needs to be used on my applications controller to check whether current_user.id is either in the list of user ids of the users hosting the jobs, or matches the user_id.

I'm not really sure how or where to implement the filter, for example whether it is better to create the filters in the ApplicationController and then apply skip_before_filter where needed.

Any help on what this code could look like and where to place it would be appreciated! Thank you :)

Before you start looking at authorization solutions like CanCan, consider the difference between

  App.find(params[:id])

and scoping the lookup through the current user. An app is tied to a user, and since you have the current user set up,

  app = current_user.apps.find(params[:id])

will only find applications associated with that user, regardless of what is passed in the parameters.

Where CanCan really comes into its own is when you need more complex rules than that. For example, a user may be able to edit any of their own jobs, but only view a second set of jobs (and not edit them),

for example

  can :manage, Project, :user_id => user.id
  can :read, Project, :department => user.department

This will give users full access to any of their own projects and read access to projects in their department.

One nice thing about CanCan is that instead of before_filters or macros scattered around your controllers, you declare the rules in one place, so it is easy to see what is happening. There is more information on the CanCan wiki.
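As an added example (not from the question or the answer above, and not the CanCan gem's own code): a plain-Ruby model of both controls, the unscoped `App.find` beside the association-scoped `current_user.apps.find`, plus a small rule class that imitates the declarative `can` rules from the answer. The record classes, the `Table` helper, the sample data and the `Ability` stand-in are all assumptions made so the example runs without Rails or CanCan; in a real app `current_user.apps` is the `has_many` association and `Ability` comes from the gem.

```ruby
# Added example, not from the original post. Plain Ruby stand-ins for
# ActiveRecord models and for a CanCan-style Ability class, so it runs
# without Rails or the cancan gem. Class and method names are assumptions.

class NotFound < StandardError; end
class AccessDenied < StandardError; end

# Constructed sample records. Job#user_id is the hosting user,
# JobApp#user_id is the applicant.
User   = Struct.new(:id, :department)
Job    = Struct.new(:id, :user_id, :department)
JobApp = Struct.new(:id, :user_id, :job_id)

USERS = [User.new(1, "eng"), User.new(2, "eng"), User.new(3, "sales")]
JOBS  = [Job.new(10, 1, "eng"), Job.new(11, 2, "eng"), Job.new(12, 3, "sales")]
APPS  = [JobApp.new(100, 2, 10), JobApp.new(101, 3, 10), JobApp.new(102, 1, 11)]

# Minimal stand-in for an ActiveRecord relation: where() narrows the rows,
# find() raises when the id is not in the (possibly narrowed) set, the way
# ActiveRecord::RecordNotFound would.
class Table
  def initialize(rows)
    @rows = rows
  end

  def where(conditions)
    Table.new(@rows.select { |r| conditions.all? { |k, v| r[k] == v } })
  end

  def find(id)
    row = @rows.find { |r| r.id == id.to_i }
    raise NotFound, "no record with id=#{id}" unless row
    row
  end
end

# The vulnerable lookup from the question: App.find(params[:id]).
# Any logged-in user can read any application by guessing an id.
def unscoped_find(params)
  Table.new(APPS).find(params[:id])
end

# The fix from the answer: current_user.apps.find(params[:id]).
# The association scopes the query, so a foreign id is simply not found.
def scoped_find(current_user, params)
  Table.new(APPS).where(user_id: current_user.id).find(params[:id])
end

# Stand-in for a CanCan Ability: rules are declared once in the
# constructor and checked with can?; :manage covers every action.
class Ability
  def initialize(user)
    @rules = []
    can :manage, Job, user_id: user.id            # full access to own jobs
    can :read,   Job, department: user.department # read-only within the department
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  def can?(action, record)
    @rules.any? do |rule_action, klass, conditions|
      record.is_a?(klass) &&
        [action, :manage].include?(rule_action) &&
        conditions.all? { |k, v| record[k] == v }
    end
  end

  # What a controller would call before acting on a record.
  def authorize!(action, record)
    return record if can?(action, record)
    raise AccessDenied, "cannot #{action} #{record.class}##{record.id}"
  end
end

if __FILE__ == $PROGRAM_NAME
  alice = USERS[0]
  puts unscoped_find({ id: "101" }).inspect          # another user's application leaks
  begin
    scoped_find(alice, { id: "101" })
  rescue NotFound => e
    puts "scoped: #{e.message}"                      # same id, not found for alice
  end
  ability = Ability.new(alice)
  puts ability.can?(:update, JOBS[1])                # another user's job in her department
  puts ability.can?(:read,   JOBS[1])
end
```

The point of the scoped version is that the authorization check is not a separate `if` that can be forgotten: the query itself cannot return a record the user does not own, so there is nothing for a missing before_filter to leak. The `Ability` stand-in shows why the declarative form is easy to audit: every rule is in one constructor, and `:manage` subsumes the specific actions.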
