1. Add a few helper methods to ApplicationController:
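    class ApplicationController < ActionController::Base
      session :session_key => '_hilog_session_id'
      before_filter :load_defaults
      helper_method :logged_in?

      protected

      # Runs before every action: loads the logged-in user, or nil.
      def load_defaults
        # find_by_id returns nil (instead of raising RecordNotFound) when the
        # session still holds the id of a user that no longer exists.
        @current_user = logged_in? ? User.find_by_id(session[:user_id]) : nil
      end

      # Truthy when the session carries a user id.
      def logged_in?
        session[:user_id]
      end

      # before_filter for actions that need a login: send the visitor to the
      # login page and remember where they were headed in :go_after.
      def require_login
        redirect_to(new_session_url(:go_after => request.request_uri)) and return false unless session[:user_id]
      end
    end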
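load_defaults loads the currently logged-in user into @current_user.
helper_method makes the logged_in? method available in rhtml pages.
require_login is the before_filter for actions that can only be performed by a logged-in user.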
2. Add an editable_by? method to the Topic model class:
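    class Topic < ActiveRecord::Base
      belongs_to :user

      # True only when account is the user who owns this topic.
      # Comparing against the user_id foreign key avoids loading the owner
      # and does not raise when the topic has no user.
      def editable_by?(account)
        account && (account.id == user_id)
      end
    end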
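This lets both rhtml pages and controllers check whether a topic can be edited or deleted by @current_user. The check in the controller is the one that enforces the rule; the check in the page only decides whether the edit and delete links are shown.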
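
The login action that receives the go_after parameter built by require_login is not shown on this page. As an added example (not code from the original page), the hypothetical helper safe_return_path below shows one way that action could accept only same-site paths before redirecting; the helper name and the '/' fallback are assumptions.

```ruby
require 'uri'

# Hypothetical helper, not part of the original page.
# Returns go_after only when it is a plain path on this site;
# anything else is replaced by the fallback.
def safe_return_path(go_after, fallback = '/')
  return fallback unless go_after.is_a?(String) && go_after.valid_encoding?
  candidate = go_after.strip

  # A local path starts with exactly one "/". Browsers treat "//host" and
  # "/\host" as a reference to another host, so both are rejected.
  return fallback unless candidate.start_with?('/')
  return fallback if candidate.start_with?('//', '/\\')

  # Control characters such as CR/LF must never reach the Location header.
  return fallback if candidate =~ /[\x00-\x1f\x7f]/

  # Second line of defence: the value must parse as a URI reference that
  # carries no scheme, host or userinfo of its own.
  begin
    uri = URI.parse(candidate)
  rescue URI::InvalidURIError
    return fallback
  end
  return fallback if uri.scheme || uri.host || uri.userinfo

  candidate
end

# Assumed use in the login action, after the password check succeeds:
#   redirect_to safe_return_path(params[:go_after])
```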