1)Rails controller
$ vi app/controllers/users_controller.rb
class UsersController < ApplicationController before_action :correct_user, only: [:update] private def correct_user user = User.find(params[:id]) remember_token = User.encrypt(cookies[:remember_token]) current_user ||= User.find_by(remember_token: remember_token) if current_user != user render status: :unauthorized end end
2)AngularJS controller
$ vi app/assets/javascripts/mymodule.js.erb
myModule.controller("UsersNewCtrl", function($scope, userResource, $location, flashService, $routeParams, sessionResource, $q) { ...... ...... var deferred = $q.defer(); deferred.promise.then(function (result) { var user_info = result; if ($routeParams.id) { if (user_info.user.id == $routeParams.id) { .........