Limiting the view of certain page elements to only the owner of the profile?

Question

I have a user model and a profile model.

user has_one :profile
profile belongs_to :user

On the "show" view of the profile, there's an input field that only the owner of the profile should see. I currently have it limited to where only a logged-in user can see it, but I need it to go further and only appear visible to the user who owns that particular profile.

I'm currently using the following to limit the view to only logged in users: <% if logged_in? %>.

I'm not really sure where to start in approaching this question beyond that. I'll respond quickly if you need more information. Thanks!

Answer 1

Set a SESSION variable with the user name when the user is authenticated. Then, in every single page when you check if the session is set, check if that user (as set in the session variable) has access to what that page contains OR display only that part to which only that user has access.

Answer 2

I'm just guessing here, but I'm assuming that you're using restful_authentication because of the logged_in method. If you are, you can use current_user to filter this out.

Example: (assuming that you have a @user variable)

<% if logged_in and current_user == @user %> show field <% end %>