OhDaeSu
Reputation: 525
Rails: Current user should only be able to view their own users#show page (Devise)?
Is there a way to allow a user to only view their own profile page (users#show)? So when someone with an id of say 1 tries to go to the www.myapp.com/users/412 url, he will be re-directed to the root page? He can only access www.myapp.com/users/1.
I am using devise and this is what I've tried. However with this code strangely enough, the current user cannot access his own page.
users_controller.rb
class UsersController < ApplicationController
before_action :authenticate_user!
before_action :only_see_own_page, only: [:show]
def show
#some ruby code here
end
private
def only_see_own_page
if current_user.id != params[:id]
redirect_to root_path, notice: "Sorry, but you are only allowed to view your own profile page."
end
end
end
**routes.rb*
resources :users, only: [:show]
Upvotes: 1
Views: 1158
Answers (1)
OhDaeSu
Reputation: 525
Argh, it was that easy... This is what worked for me:
def only_see_own_page
@user = User.find(params[:id])
if current_user != @user
redirect_to root_path, notice: "Sorry, but you are only allowed to view your own profile page."
end
end
Upvotes: 2
Related Questions
- Creating a `Users` show page using Devise
- Rails user profile page only accessible to correct user
- Rails: Using Devise So User Can Only See Their Content
- Restrict viewable content to user that created it
- Devise: How to prevent users from seeing other users information
- Devise's current_user doesn't work?
- Devise show user page
- Devise public user page only if user is pro
- Devise User Show Page Controller not working
- Rails: Current_user should only see records from his/her own group. How do I do this?