iporollo

Reputation: 25

Tips on Performing Rails User Authorization

I am new to Ruby on Rails development. Currently, I am creating a web app where users can log in, create, and manipulate their own "campaigns" (database objects) that are then displayed on a dashboard. I am using the devise gem, but at best it filters the database objects without actually using any permissions. I need to make sure that the database objects that appear on the dashboard are specific to only the current user that is logged in. What would be a good solution for displaying the campaigns of only the logged-in user on the dashboard, and making sure that the user can't access/see anyone else's objects on the dashboard?

Upvotes: 0

Views: 165

Answers (1)

born2bmild

Reputation: 144

It sounds like you need a before_filter on your controller. I don't use devise, but just google "devise before action" and you will find many links like this one that might be helpful. On another note, here is an excellent tutorial that shows how to create your own authentication system. I recommend doing it twice. The Rails guides are also great.

Update:

Try this in your controller:

def index
  @user = User.find(params[:id])
  @campaigns = @user.campaigns.all
end

Upvotes: 2
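Added example (not from the question or the answer): a plain-Ruby model of the two lookup patterns, showing that choosing the owner from `params[:id]` returns whichever user's campaigns the request names, while scoping through the signed-in user (`current_user.campaigns` under Devise, after `before_action :authenticate_user!`) returns only that user's records. `Campaign`, `STORE`, `OwnedScope`, `CampaignsController`, `NotFound` and the sample data are constructed stand-ins so the block runs without Rails.

```ruby
# Plain-Ruby stand-ins for the Rails pieces; every name here is constructed.
Campaign = Struct.new(:id, :user_id, :name)
NotFound = Class.new(StandardError) # plays the role of ActiveRecord::RecordNotFound

# Constructed sample data: user 1 owns two campaigns, user 2 owns one.
STORE = [
  Campaign.new(1, 1, "alice-spring"),
  Campaign.new(2, 1, "alice-fall"),
  Campaign.new(3, 2, "bob-launch")
].freeze

# Mimics an association scope such as current_user.campaigns.
class OwnedScope
  def initialize(user_id)
    @user_id = user_id
  end

  def all
    STORE.select { |c| c.user_id == @user_id }
  end

  def find(id)
    all.find { |c| c.id == id.to_i } || raise(NotFound, "campaign #{id} not found")
  end
end

class CampaignsController
  # current_user_id stands for Devise's current_user (taken from the session);
  # params stands for the request parameters, which the client fully controls.
  def initialize(current_user_id, params)
    @current_user_id = current_user_id
    @params = params
  end

  # Owner chosen by a request parameter: the result follows whatever id is sent.
  def index_by_param
    OwnedScope.new(@params[:id].to_i).all
  end

  # Owner taken from the authenticated session: request parameters are ignored.
  def index
    OwnedScope.new(@current_user_id).all
  end

  # Single-record lookup through the same scope: foreign ids are "not found".
  def show
    OwnedScope.new(@current_user_id).find(@params[:id])
  end
end
```

Routing every query through the owner's association also covers show, edit, update and destroy, since a record belonging to someone else is simply not found.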
