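How to prevent users from accessing messages in the inbox

I've been working on the messages for this custom inbox. I am setting it up so that only the inbox owner (the logged-in user) can view their messages. Right now anyone can type in a URL such as /users/1/messages/7 and view that message, when it should only be readable by the user whose id is 1, not by users with ids 4, 5, 6, etc. I assume I need to go into the message model and add something like the following: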
    if inbox.recepient_id != @current_user.id
      redirect_to :root
    end
Any ideas on how to get this working?

Message model:
    class Message < ActiveRecord::Base
      attr_accessible :subject, :body, :sender_id, :recepient_id, :read_at, :sender_deleted, :recepient_deleted
      validates_presence_of :subject, :message => "Please enter message title"

      belongs_to :sender, :class_name => 'User', :foreign_key => 'sender_id'
      belongs_to :recepient, :class_name => 'User', :foreign_key => 'recepient_id'

      # Marks a message as deleted by either the sender or the recepient, whichever the passed-in user is.
      # When both sender and recepient mark it deleted, it is destroyed.
      def mark_message_deleted(id, user_id)
        self.sender_deleted = true if self.sender_id == user_id
        self.recepient_deleted = true if self.recepient_id == user_id
        (self.sender_deleted && self.recepient_deleted) ? self.destroy : self.save!
      end

      # Read message and if it is read by recepient then mark it as read
      def readingmessage
        self.read_at ||= Time.now
        save
      end

      # Returns true or false based on whether a message has been read by its recepient.
      def read?
        self.read_at.nil? ? false : true
      end

      def self.received_by(user)
        where(:recepient_id => user.id)
      end

      def self.not_recepient_deleted
        where("recepient_deleted = ?", false)
      end
    end
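I have my own authorization and authentication. For my first application I wanted to build from scratch, because I will learn better that way. – pwz2000

Just don't do that for your first application. – jturolla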
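
An added example, not part of the original question or its comments: it shows the access check as a lookup scoped to the logged-in user instead of a comparison made after an unscoped fetch. The structs stand in for the ActiveRecord model so the block runs without Rails, and `find_unscoped`, `find_in_inbox` and `show_message` are hypothetical names; in a Rails controller the scoped lookup corresponds to `Message.received_by(@current_user).find(params[:id])`.

```ruby
# Plain-Ruby stand-ins (assumption: no Rails/ActiveRecord loaded).
Message = Struct.new(:id, :sender_id, :recepient_id, :subject, :recepient_deleted)
User    = Struct.new(:id)

class RecordNotFound < StandardError; end # stands in for ActiveRecord::RecordNotFound

# Constructed sample data: messages 7 and 9 were sent to user 1, message 8 to user 4.
MESSAGES = [
  Message.new(7, 4, 1, "Hello", false),
  Message.new(8, 1, 4, "Re: Hello", false),
  Message.new(9, 5, 1, "Old", true)
].freeze

# Mirrors Message.received_by(user).not_recepient_deleted from the model above.
def inbox_for(user)
  MESSAGES.select { |m| m.recepient_id == user.id && !m.recepient_deleted }
end

# Unscoped lookup: trusts the :id taken from the URL, like Message.find(params[:id]).
# Any logged-in user who changes the id in the URL gets the record back.
def find_unscoped(id)
  MESSAGES.find { |m| m.id == id } or raise RecordNotFound
end

# Scoped lookup: the id is searched only inside the logged-in user's inbox,
# so a message addressed to someone else behaves exactly like a missing one.
def find_in_inbox(current_user, id)
  inbox_for(current_user).find { |m| m.id == id } or raise RecordNotFound
end

# Hypothetical controller action for GET /users/:user_id/messages/:id.
# The :user_id segment of the URL is ignored; only the session user decides access.
def show_message(current_user, params)
  message = find_in_inbox(current_user, Integer(params[:id]))
  [200, message.subject]
rescue RecordNotFound, ArgumentError, TypeError
  [404, "Not Found"] # same answer for "does not exist" and "not yours"
end
```

Returning the same 404 for both cases avoids confirming to other users which message ids exist.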