我一直致力于此自定义收件箱消息传递。我正在尝试设置,以便只有收件箱所有者(用户登录)才能查看其邮件。现在任何人都可以输入一个网址,例如/users/1/messages/7并查看该消息,只有用户可以读取ID 1,而不是具有ID 4,5,6等的用户。我假设我需要进入消息模型并添加如下内容:
if inbox.recepient_id != @current_user.id
redirect_to :root
知道如何让它发挥作用吗?
消息模型:
class Message < ActiveRecord::Base
attr_accessible :subject, :body, :sender_id, :recepient_id, :read_at,:sender_deleted,:recepient_deleted
validates_presence_of :subject, :message => "Please enter message title"
belongs_to :sender, :class_name => 'User', :foreign_key => 'sender_id'
belongs_to :recepient, :class_name => 'User', :foreign_key => 'recepient_id'
# marks a message as deleted by either the sender or the recepient, which ever the user that was passed is.
# When both sender and recepient marks it deleted, it is destroyed.
def mark_message_deleted(id,user_id)
self.sender_deleted = true if self.sender_id == user_id
self.recepient_deleted = true if self.recepient_id == user_id
(self.sender_deleted && self.recepient_deleted) ? self.destroy : self.save!
end
# Read message and if it is read by recepient then mark it is read
def readingmessage
self.read_at ||= Time.now
save
end
# Based on if a message has been read by it's recepient returns true or false.
def read?
self.read_at.nil? ? false : true
end
def self.received_by(user)
where(:recepient_id => user.id)
end
def self.not_recepient_deleted
where("recepient_deleted = ?", false)
end
end
答案 0 :(得分:1)
Cancan是你的宝石。我在我的所有项目中都使用它。
答案 1 :(得分:0)
我解决这个问题的一种方法是在你的消息控制器上创建一个before_filter。
class Messages < ApplicationController
before_filter :check_user_inbox
def check_user_inbox
if inbox.recepient_id != @current_user.id
redirect_to :root
end
end
...
end