I have a Product model which belongs_to a Category. A User only has access to a few categories.
How do I validate when creating a Product, that the User has access to the category_id
it is trying to assign?
Let's assume I have the list of allowed Categories in session[:category_ids]
.
In the controller I use strong parameters like so:
def product_params
params.require(:product).permit(:name, :description, :category_id)
end
Is it possible to filter out values we dont have access to here? Or is there a better way to achieve this?
Aucun commentaire:
Enregistrer un commentaire