samedi 27 janvier 2018

Rails 5 validate parameters based on current user

I have a Product model which belongs_to a Category. A User only has access to a few categories.

How do I validate when creating a Product, that the User has access to the category_id it is trying to assign?

Let's assume I have the list of allowed Categories in session[:category_ids].

In the controller I use strong parameters like so:

def product_params
  params.require(:product).permit(:name, :description, :category_id)
end

Is it possible to filter out values we dont have access to here? Or is there a better way to achieve this?

Aucun commentaire:

Enregistrer un commentaire