I'm Rails newbie so this might be incredibly stupid question but I hope somebody finds the time to help me :)
I'm currently doing my first Rails 3 application with MongoDB. I have setup Devise for authentication and it's working great. I'm trying to create blog type of app so each registered user can post an article. Naturally user model has "many: posts" and post model has "belongs_to: user" but here's the problem: I don't want to have user_id as a field in the new post form for security reasons so how can I pass the current user to post model? I removed all fields related to user data from the form so now it doesn't seem to be able to get the data for user_id anywhere.
So how do I use Devise's current_user helper method to pass the correct user_id to post model for proper association?
I assume you have a controller action responsible for handling your post creation. In RESTful design that would be create action normally. That action would call a save or create method on your model. Prior to the method call, assign the user_id to your devise's #current_user.id.
Related
hi currently i am making a new project using rails 5, and devise , my problem is that i am trying to get the current user that is logged into my webapp, and then get the current users id and save it into the database.
currently getting a lot of error and having trouble doing so.
my database are the following for the sample
Note this is the default devise setup for the user
User
username
password
email address
blog
title.text
body.text
user_id.integer
now my problem is that how do i get the current user that is logged into my webapp, and then save it into the blog database that contains the user_id. i havent added the blog yet into one of my samples , but i am currently failing at the results that i need to be making and pushing forward into it.
is there a way to scaffold it , or do i need to go commando and hardcode it, if so how is it possible to do so?
get the current user so that it gets the current user id and save it to each blog.
2.how do i push it into the controller
how do i do it into the model as well
i am a bit confused as to how it should be made and done , with rails any help will be appreciated
In your user.rb model
define relationship with user in this way
has_many :blogs
in your bolg.rb model
belongs_to :user
now in your create method in your blog controller
#user = current_user
then
if #user.blogs.create(blog_params)
#your logic
end
This automatically save user_id to database.
I'm relatively new to rails and am using devise for my user sign up and sign in processes. At sign up if a user doesn't have an invite token I would like them to also sign up and create their business that will be associated with their user account.
Below is a screenshot of the error I am getting in my RegistrationsController when trying to create the new business.
Here is my code in the registrations_controller.rb:
if params[:invite_code]
...
else
resource = build_resource({})
resource.businesses.build() # Inserts a blank object for business
respond_with resource
end
Any ideas on why it isn't able to pass the business information provided and create a new business? Thanks in advance for any help.
I think it's just a pluralization issue. The has_one association on the User should be singular (:business) as should the method call in the controller (resource.business.build()) and accepts_nested_attributes_for.
That being said, that part of the controller should never even be getting hit. All of your logic should be contained within this first conditional. Everything happening here should probably be pulled out into another method and called after the successful save. Here's a new gist with a refactoring of registrations_controller.rb: https://gist.github.com/ccschmitz/7ea0a41180e25de9168d
Hi clever programmers,
I've been searching and reading a couple days, but I need some Rails help-
Here is my goal: I want to make a multi-page profile for each user, and I'd like to handle this profile with a profile controller.
The problem? How do I make the 'show' REST action apply to an entire controller instead of just one page? Specifically, how can I have both a #current_user and a #user variable available in the Profile controller that correspond to the signed-in user and the current user's page.
I'm not sure if I should be making routes with multiple :id s in the route or if there is some way to persist the signed-in-user in something like #current_user when they sign in that is just available everywhere and then I would use the :id of the user who's profile it is in the route. I'm pretty sure facebook does something like facebook.com/{your_id}/{their_id}/ for example.
I tried accessing #current_user from my session_helper.rb class but it came up nil and I'm not sure how to pass the :id to use User.find(params[:id]) because the profile controller is not affiliated with the resource for the User model.
Any protips or links to helpful readings would be much appreciated. I'm a beginner so feel free to suggest a better course of action if I'm going against the rails way. Thanks in advance!
You may not know but you can store session data, and user_id it's really common thing that people saves on it.
So for saving at the sign in
session[user_id] = ....
Then you could have something like this on a helper
def current_user
User.find(session[user_id]) if session[user_id]
end
You should check the gem called devise. It provides all the functionality for aunthentication and it also provides a current_user method everywhere. You should check it at least to see how they have implemented that method.
This might be very simple; I don't know Rails very well.
I have a match myController/myAction/myID in my routes.rb that will direct hyperlinks to the proper page (using link_to). But here's the problem: I don't want people to be able to freely modify the id parameter, passing in via the URL whatever they like.
Is there a way to perhaps restrict access to routes to the link_to method only? Or maybe there's another way to go about this, using a passed in hidden variable param or something?
Users access you site via urls like: /controller/action/:id right? A user can change an id and must not view another non authorized resource. How to achieve this?, on your controller, return only those resources that user is allowed to access.
For example, suppose that you are using devise:
class AController < ApplicationController
def index
#resouces = current_user.find_all_by_id params[:id]
end
end
This way if the user tries to access something he does not have access to, he will get an error.
Hope this helps, if not please let me know and I'll try to elaborate.
About current_user, yes it is supposed to be the current logged in user, it doesn't have to be devise, you can implement your own session handling logic and then create a helper method to retrieve the currently logged in user.
About using devise, if you don't want to implement your own session handling logic, plus if you want features like:
remember me
already created views that you can fully customize
authentication
authorization
password encryption
many more (please look at the docs for further information)
Then devise is a good way to go.
Also, it is always a great idea, if possible and as a learning exercise, implement your own authentication and authorization layers, you won't regret.
Best regards
Emmanuel Delgado
I want to link a model Tasks to a User properly, to make sure that only an authenticated user can access only the Tasks and dependent models that belong_to User and Task
My user model was generated using nifty authentication from Railscasts' Ryan B
I'm having a lot of trouble finding a guide on how to set up these views to be secure.
Any suggestions SO?
I think you are looking for an authorization solution. If this is a simple app, you should set up your controllers to return only tasks belong to the user like so:
#tasks = current_user.tasks
Presumably you have a has_many association set up on your User model. If you do this for all your controllers, they will be scoped to your user, so you don't have to worry about authorization.
If you are looking for a more complex solution, look towards something like cancan.