kawasaki-shohei/household_account_book

Prevent users from editing or deleting records other than their own.

Opened this issue · 1 comments

It must not be possible to reach the edit screen by hitting the URL directly. Deleting and updating must not be possible either.

■ Settlement

  • pays#create
  • pays#new
  • pays#edit
  • pays#update
  • pays#destroy

■ Budget

  • badgets#create
  • badgets#new
  • badgets#edit
  • badgets#update
  • badgets#destroy

■ Savings

  • deposits#create
  • deposits#new
  • deposits#edit
  • deposits#update
  • deposits#destroy
  • deposits#withdraw

■ Income

  • incomes#create
  • incomes#new
  • incomes#edit
  • incomes#update
  • incomes#destroy

■ Categories (single page)

  • categories#create
  • categories#new
  • categories#edit
  • categories#update
  • categories#cancel
  • common_categories#update
  • common_categories#destroy

■ Expenses

  • expenses#create
  • expenses#new
  • expenses#edit
  • expenses#update
  • expenses#destroy

■ Recurring expenses

  • repeat_expenses#both
  • repeat_expenses#confirm
  • repeat_expenses#create
  • repeat_expenses#new
  • repeat_expenses#edit
  • repeat_expenses#update
  • repeat_expenses#destroy

■ Notifications

  • notifications#update
  • notifications#bulk_update

■ Settings

  • settings#change_allow_share_own
  • settings#index

Add Banken and check record.user == current_user for each action.
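
The per-action ownership check from the comment above, as an added example that is not code from this repository and does not use Banken's API. It is plain Ruby; `ExpensesLoyalty`, `ExpensesController`, `NotAuthorizedError` and the in-memory store are hypothetical names chosen for illustration.

```ruby
# Added example: plain Ruby, no Rails or Banken required.
# All class and method names here are hypothetical.
class NotAuthorizedError < StandardError; end

User    = Struct.new(:id)
Expense = Struct.new(:id, :user, :amount)

# One policy object per controller; each member action gets a predicate.
class ExpensesLoyalty
  def initialize(current_user, record)
    @current_user = current_user
    @record = record
  end

  # Anonymous requests (current_user is nil) are always denied.
  def owner?
    !@current_user.nil? && @record.user == @current_user
  end
  alias edit? owner?
  alias update? owner?
  alias destroy? owner?
end

# Stand-in for a controller: every member action authorizes before acting.
class ExpensesController
  def initialize(current_user, store)
    @current_user = current_user
    @store = store # constructed in-memory table: id => Expense
  end

  def update(id, amount)
    expense = authorize!(:update?, @store.fetch(id))
    expense.amount = amount
    expense
  end

  def destroy(id)
    authorize!(:destroy?, @store.fetch(id))
    @store.delete(id)
  end

  private

  # Deny by default: raise unless the predicate for this action passes.
  def authorize!(query, record)
    loyalty = ExpensesLoyalty.new(@current_user, record)
    raise NotAuthorizedError, "#{query} denied" unless loyalty.public_send(query)
    record
  end
end
```

The check runs on the server for every request that carries a record id, so a directly typed edit or delete URL is rejected in the same way as a forged form submission.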