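I'm trying to create a before_action in my controller so that only the members (users) of an account can view and edit content related to that account. Currently, if I change the URL in the browser, I can view and edit accounts that the user is not a member of.
Here is my discussions_controller: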
    class DiscussionsController < ApplicationController
      before_action :set_discussion, only: [:show, :edit, :update, :destroy]
      before_action :authenticate_user!

      # GET /discussions
      def index
        @newactivitys = Newactivity.all.order(created_at: :desc).limit(6)
        @pagy, @discussions = pagy(Discussion.joins(:posts).group('discussions.id').order('MAX(posts.created_at) DESC'))
      end

      # GET /discussions/1
      def show
        @newactivitys = Newactivity.all.order(created_at: :desc).limit(6)
      end

      # GET /discussions/new
      def new
        @discussion = Discussion.new
        @discussion.posts.new
        @newactivitys = Newactivity.all.order(created_at: :desc).limit(6)
      end

      # GET /discussions/1/edit
      def edit
        @newactivitys = Newactivity.all.order(created_at: :desc).limit(6)
      end

      # POST /discussions
      def create
        @newactivitys = Newactivity.all.order(created_at: :desc).limit(6)
        @discussion = Discussion.new(discussion_params)
        @discussion.posts.each{ |post| …
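
Added example, not part of the original post: a plain-Ruby model (no Rails required) of the membership check the question asks for, contrasting a lookup by id alone with one scoped to the accounts the user belongs to. The `Account`/`Discussion` structs, the `member_ids` field, the helper names and the sample records are constructed assumptions; the poster's actual schema is not shown.

```ruby
# Hypothetical stand-ins for the models; field names are assumptions.
Account    = Struct.new(:id, :member_ids)
Discussion = Struct.new(:id, :account_id, :title)
User       = Struct.new(:id)

class NotFound < StandardError; end

# Constructed sample data: two accounts with disjoint members.
ACCOUNTS = [Account.new(1, [10, 11]), Account.new(2, [20])].freeze
DISCUSSIONS = [
  Discussion.new(100, 1, "Roadmap"),
  Discussion.new(200, 2, "Payroll")
].freeze

# Unscoped lookup, the shape of Discussion.find(params[:id]):
# any signed-in user can load any record by changing the id in the URL.
def find_unscoped(id)
  DISCUSSIONS.find { |d| d.id == id } || raise(NotFound)
end

# Scoped lookup: search only discussions whose account lists the user as a
# member. In Rails the equivalent is to query through the user's own
# association inside the before_action instead of through the global model.
def find_for_member(user, id)
  account_ids = ACCOUNTS.select { |a| a.member_ids.include?(user.id) }.map(&:id)
  DISCUSSIONS.find { |d| d.id == id && account_ids.include?(d.account_id) } ||
    raise(NotFound)
end

# Stand-in for a guarded controller action; returns an HTTP-like status.
def show(user, id)
  return 401 if user.nil?     # the sign-in check runs before any record lookup
  find_for_member(user, id)   # then the membership-scoped lookup
  200
rescue NotFound
  404                         # same answer for "missing" and "not a member"
end
```

Returning 404 for both cases keeps a non-member from learning which discussion ids exist in other accounts.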