Prevent editing or deleting records that belong to other users.
kawasaki-shohei commented
Hitting the URL directly must not give access to the edit screen. Deleting and updating must not be possible either.
■ Settlement
- pays#create
- pays#new
- pays#edit
- pays#update
- pays#destroy
■ Budget
- badgets#create
- badgets#new
- badgets#edit
- badgets#update
- badgets#destroy
■ Savings
- deposits#create
- deposits#new
- deposits#edit
- deposits#update
- deposits#destroy
- deposits#withdraw
■ Income
- incomes#create
- incomes#new
- incomes#edit
- incomes#update
- incomes#destroy
■ Categories (single page)
- categories#create
- categories#new
- categories#edit
- categories#update
- categories#cancel
- common_categories#update
- common_categories#destroy
■ Expenses
- expenses#create
- expenses#new
- expenses#edit
- expenses#update
- expenses#destroy
■ Recurring expenses
- repeat_expenses#both
- repeat_expenses#confirm
- repeat_expenses#create
- repeat_expenses#new
- repeat_expenses#edit
- repeat_expenses#update
- repeat_expenses#destroy
■ Notifications
- notifications#update
- notifications#bulk_update
■ Settings
- settings#change_allow_share_own
- settings#index
kawasaki-shohei commented
Add Banken and check record.user == current_user for each action.
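
An added example, not part of the issue or the project's code: a plain-Ruby sketch of the per-action `record.user == current_user` check described in the comment above, applied to update and destroy. `User`, `Pay`, `PaysLoyalty`, `PaysController` and `NotAuthorizedError` are hypothetical stand-ins that need neither Rails nor the Banken gem.

```ruby
# Plain-Ruby sketch: no Rails or Banken needed. All names are hypothetical.
User = Struct.new(:id)
Pay  = Struct.new(:id, :user, :amount)
class NotAuthorizedError < StandardError; end

# One predicate per controller action; each compares the record's owner
# with the signed-in user (record.user == current_user).
class PaysLoyalty
  def initialize(user, record)
    @user = user
    @record = record
  end

  def edit?;    owner?; end
  def update?;  owner?; end
  def destroy?; owner?; end

  private

  # A missing user (not signed in) never owns anything.
  def owner?
    !@user.nil? && @record.user == @user
  end
end

# Stand-in controller: the check runs after lookup and before any change,
# so requesting another user's id directly changes nothing.
class PaysController
  def initialize(current_user, store)
    @current_user = current_user
    @store = store # constructed in-memory table: id => Pay
  end

  def update(id, amount)
    pay = authorized_record(id, :update?)
    pay.amount = amount
    pay
  end

  def destroy(id)
    authorized_record(id, :destroy?)
    @store.delete(id)
  end

  private

  def authorized_record(id, query)
    record = @store.fetch(id)
    return record if PaysLoyalty.new(@current_user, record).public_send(query)
    raise NotAuthorizedError, "#{query} denied for record #{id}"
  end
end
```

Routing every record-touching action through one lookup-and-authorize helper makes it harder to leave a single action in the checklist unchecked.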