Reputation: 866
Limiting the view of certain page elements to only the owner of the profile?
I have a user model and a profile model.
user has_one :profile
profile belongs_to :user
On the "show" view of the profile, there's an input field that only the owner of the profile should see. I currently have it limited to where only a logged-in user can see it, but I need it to go further and only appear visible to the user who owns that particular profile.
I am using the following to limit the view to only logged in users: <% if logged_in? %>.
Upvotes: 1
Views: 229
Answers (2)
Reputation: 840
I'm just guessing here, but I'm assuming that you're using restful_authentication because of the logged_in method. If you are, you can use current_user to filter this out.
Example: (assuming that you have a @user variable)
show fieldUpvotes: 1
Reputation: 21848
Set a SESSION variable with the user name when the user is authenticated. Then, in every single page when you check if the session is set, check if that user (as set in the session variable) has access to what that page contains OR display only that part to which only that user has access.
Upvotes: 0
Related Questions
- How to restrict access to different pages in Rails?
- Rails user profile page only accessible to correct user
- How can I restrict a user from viewing a page that they don't have access to?
- Rails 4 - Making profile pages sharable
- Rails: Restrict access to specific pages
- Rails allow access to one page without restricting the whole controller
- Rails: Is it good practice to restrict page access in the view?
- How do I protect a specific page from being viewing with out login in ruby on rails
- Rails Way to Restrict Page Access Without Sessions
- How to restrict user access page in RoR?