ansaurus

Question

Rails authentication gift list for each user?

Answer 1

+1 A:

Would that work, or am I missing something?

Very short answer: yes that would work; no you are not missing something.

I looked at your code.

Instead of:

def index
  @people = Person.find(:all)
end

You need something along the lines of:

def index
  @people = current_user.people
end

Where current_user is the User object that refers to the logged in user.

In the create method you will need to assign the newly created person to the current_user:

def create
  @person = Person.new(params[:person])
  @person.user = current_user # This associates @person with current_user
  if @person.save
    flash[:notice] = "Successfully created person."
    redirect_to @person
  else
    render :action => 'new'
  end
end

captaintokyo 2010-10-21 11:40:50

OK, thanks. I have done the changes I suggested and added a column in the people table called user_id. Everything works, however, everyone can see all people. It's still one big communal list.

dannymcc 2010-10-21 11:41:58

When displaying the list of people you will need something like `current_user.people` instead of `Person.all`. I don't know the nifty_authentication generator, but it should supply an object for logged in user.

captaintokyo 2010-10-21 11:44:58

In the views or the people controller?

dannymcc 2010-10-21 11:57:12

In the controller. See my updated answer.

captaintokyo 2010-10-21 11:59:34

Ok, I changed it to `@people = current_user.people`. The app still works and I can create new people but they are not showing up when after I leave the show person page. Once I click to go back to the homepage there are no people listed. Do I also need to make changes to the show view?

dannymcc 2010-10-21 12:05:16

That's because you don't assign the new people to the current_user... hold on, I will show you how to do that.

captaintokyo 2010-10-21 12:07:56

Ok, I think I am understanding. When I make those two changes though, the whole app now shows this error: `NoMethodError in PeopleController#index` `undefined method `people' for nil:NilClass`

dannymcc 2010-10-21 12:14:50

This means that `current_user` is `nil`. I am having a look at nifty_authentication now...

captaintokyo 2010-10-21 12:20:46

Looks like you have to include the include the Authentication module in your Application controller.

captaintokyo 2010-10-21 12:26:45

It's already there. `class ApplicationController < ActionController::Base` `include Authentication`

dannymcc 2010-10-21 12:28:41

Strange.. looking at your code on Github and it looks fine. Maybe your session expired. Can you login again and try again?

captaintokyo 2010-10-21 12:40:07

I have just stopped the localhost, dropped the db and then re-migrated and started the localhost again. Same problem. It's really weird.

dannymcc 2010-10-21 12:41:42

OK, I figured it out. You have to add `before_filter :login_required` at the top of your PeopleController. On the second line after `class PeopleController < ApplicationController`.

captaintokyo 2010-10-21 12:45:16

This before filter prevents you from going to a page if you are not logged in. You have to add it on controller you don't want people to access without logging in.

captaintokyo 2010-10-21 12:46:22

You absolute legend. That's solved it. Thanks a million.

dannymcc 2010-10-21 12:55:43

You're welcome. Note that there is still a security risk in the edit method. You can enter the id of a person in the URL that doesn't belong to you. So you'd better replace `User.find(params[:id])` with `current_user.find(params[:id])`. Same goes for the `destroy` method. Good luck.

captaintokyo 2010-10-21 13:00:26

I have done those changes, thanks for pointing them out!

dannymcc 2010-10-21 13:37:40

ansaurus

tags:

views:

answers:

Rails authentication gift list for each user?

related questions