Rails 3 permissions?

Question

I currently have a rails app and each user has a profile that has videos, photos, etc. Everything works fine but I am unable to separate a profile from another user profile.

Example: I have two users Jack and bob. Jack profile url is jack.mysite.com and bob profile url is bob.mysite.com. When jack uploads a video and I visit the url jack.mysite.com/videos I would only like to see jack videos and not bob videos and vice versa.

How can I tell rails to only show me a users uploads(videos,photos etc) when visiting their profile url?

Answer 1

Make sure your videos and other profile related stuff has a belongs_to relation with the user model.

When you visit a url like jack.site.nl and you want to only show jacks stuff, you need to pass the sub domain as a constraint in your routes and pick up the param in the receiving controller. You should be able to do something like this in your controller:

user = User.find_by_username(params[:subdomain])
@videos = Video.where(user_id: user.id)

Checkout one of the subdomain Railscasts for more details http://railscasts.com/episodes?utf8=%E2%9C%93&search=subdomain

When you need to restrict each users data you should checkout http://railscasts.com/episodes/192-authorization-with-cancan

Answer 2

This is a little abstract, but here's what you have to do:

1. Grab the current user's profile because it has the association to videos and photos.

# with devise gem:
current_profile = User.profile # if your user has a profile
# otherwise something messy like this maybe:
# current_profile = Profile.where(user_id: current_user).first

2. Grab the videos and photos which belonging to the current user's profile.

current_users_videos = Video.where( profile_id: current_profile )
current_users_photos = Photo.where( profile_id: current_profile )
# writing a scope on Video and Photo would be cleaner, btw