MikeH
MikeH

Reputation: 866

Limiting the view of certain page elements to only the owner of the profile?

I have a user model and a profile model.

user has_one :profile
profile belongs_to :user

On the "show" view of the profile, there's an input field that only the owner of the profile should see. I currently have it limited to where only a logged-in user can see it, but I need it to go further and only appear visible to the user who owns that particular profile.

I am using the following to limit the view to only logged in users: <% if logged_in? %>.

Upvotes: 1

Views: 229

Answers (2)

Carlos
Carlos

Reputation: 840

I'm just guessing here, but I'm assuming that you're using restful_authentication because of the logged_in method. If you are, you can use current_user to filter this out.

Example: (assuming that you have a @user variable)

show field

Upvotes: 1

KJ Saxena
KJ Saxena

Reputation: 21848

Set a SESSION variable with the user name when the user is authenticated. Then, in every single page when you check if the session is set, check if that user (as set in the session variable) has access to what that page contains OR display only that part to which only that user has access.

Upvotes: 0

Related Questions