Forum: Ruby on Rails block certain users from doing tasks

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- and Ruby-related community platforms.
Scott P. (Guest)
on 2007-07-30 04:55
So I have an account manager for users on my site. It has their
profile, which just displays their information, and a place where they
can edit their info. The problem I am having is that right now a person can
edit anyone's profile, so I obviously want to make it so they can only
edit their own profile. In my controller I added an if statement that
would check to see if the user was editing their profile, which went like this:

def edit
  id = params[:id]
  # session[:user_id] is the Integer stored at login; params[:id] is a String,
  # so this comparison is never true and the else branch always runs.
  if session[:user_id] == id
    @user = User.find_by_id(id)
    if @user.nil?   # guard implied by the message below; missing in the post
      flash[:notice] = "No user by that user id can be found"
      redirect_to(:controller => 'home', :action => 'index')
    end
  else
    flash[:notice] = "You are not authorized to edit this user"
    redirect_to(:controller => 'account', :action => 'profile', :id => id)
  end
end

But that always gives me the message that I have set as my flash and
takes me to the profile that was trying to be edited (even if the
profile was my own).
Any suggestions?
This topic is locked and can not be replied to.
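As an added example that is not part of the original post (and not Rails code): the decision the edit action has to make, modelled in plain Ruby so it runs without Rails. USERS, find_user_by_id, Decision, HOME, edit_decision and edit_own_profile are hypothetical stand-ins for the User model and the controller, and session and params are plain hashes. It keeps the comparison exactly as posted, where session[:user_id] is the Integer stored at login while params[:id] always arrives as a String, beside a version that normalises both ids before comparing, and a stricter version that never lets the URL choose the record at all.

```ruby
# Added example (not code from the original post or from Rails): a plain
# Ruby model of the edit action's decision, runnable without Rails.
# USERS, find_user_by_id, Decision, HOME, edit_decision and edit_own_profile
# are hypothetical stand-ins for the User model and the controller.

# Constructed stand-in for the users table. ActiveRecord returns Integer ids.
USERS = {
  1 => { id: 1, login: "scott" },
  2 => { id: 2, login: "mallory" },
}.freeze

# Stand-in for User.find_by_id: nil when no row matches.
def find_user_by_id(id)
  USERS[id]
end

# The comparison exactly as written in the post. session[:user_id] is stored
# at login as an Integer, but every request parameter arrives as a String,
# so 1 == "1" is false and the "authorized" branch is never taken.
def posted_check?(session, params)
  session[:user_id] == params[:id]
end

# What the action decides: the outcome, the record to edit, and the flash and
# redirect target the controller would set (the redirect hashes mirror the post).
Decision = Struct.new(:outcome, :user, :flash, :redirect)

HOME = { controller: "home", action: "index" }.freeze

# Fixed check: normalise both ids to Integer before comparing, and keep the
# three failure modes distinct (not logged in, not your user, no such user).
def edit_decision(session, params)
  current_id = session[:user_id]
  return Decision.new(:unauthorized, nil, "Please log in", HOME) if current_id.nil?

  id_str = params[:id].to_s
  requested_id = (id_str =~ /\A\d+\z/) ? id_str.to_i : nil   # "abc" never matches

  # Authorize before looking anything up, so the response does not reveal
  # which ids exist to someone who is not allowed to edit them anyway.
  unless requested_id && current_id.to_i == requested_id
    return Decision.new(:unauthorized, nil, "You are not authorized to edit this user",
                        { controller: "account", action: "profile", id: params[:id] })
  end

  user = find_user_by_id(requested_id)
  return Decision.new(:not_found, nil, "No user by that user id can be found", HOME) if user.nil?

  Decision.new(:ok, user, nil, nil)
end

# Stricter alternative: never let the URL pick the row. Load the logged-in
# user from the session and ignore params[:id], so there is nothing to
# compare and no way to reach another user's record at all.
def edit_own_profile(session)
  user = find_user_by_id(session[:user_id].to_i)
  return Decision.new(:unauthorized, nil, "Please log in", HOME) if user.nil?
  Decision.new(:ok, user, nil, nil)
end
```

In a real controller the same logic would normally live in a before_filter that loads the current user from the session once, and the edit action would simply use that record (the edit_own_profile shape), which removes the whole class of "edit someone else's profile by changing the id in the URL" bugs rather than guarding against it in each action.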