Implementing file request counter - ruby-on-rails

I have a Rails API project.
I am trying to implement a counter on the number of times a file is requested, say, the number of times an audio file is played.
This is my model
class Post < ApplicationRecord
  has_one_attached :audio_file
end
The frontend gets the file URL and makes a GET request to play the file:
GET localhost:3001/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBDQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--75d7e21e4e3727c21cb0e26a86c7366dea1bc36a/test_audio.mp3
When the request is performed, rails logs this:
Started GET "/rails/active_storage/blobs/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBDQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--75d7e21e4e3727c21cb0e26a86c7366dea1bc36a/test_audio.mp3" for ::1 at 2020-05-13 20:29:15 -0400
(28.4ms) SELECT "schema_migrations"."version" FROM "schema_migrations" ORDER BY "schema_migrations"."version" ASC
↳ /home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Processing by ActiveStorage::BlobsController#show as MP3
Parameters: {"signed_id"=>"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBDQT09IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--75d7e21e4e3727c21cb0e26a86c7366dea1bc36a", "filename"=>"test_audio"}
ActiveStorage::Blob Load (45.5ms) SELECT "active_storage_blobs".* FROM "active_storage_blobs" WHERE "active_storage_blobs"."id" = $1 LIMIT $2 [["id", 3], ["LIMIT", 1]]
↳ /home/david/.rbenv/versions/2.6.0/lib/ruby/gems/2.6.0/gems/activerecord-5.2.3/lib/active_record/log_subscriber.rb:98
Disk Storage (18882.5ms) Generated URL for file at key: XoA9L6bBFrEeBuGMRPzHx6Wn (http://localhost:3001/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSWRXRzlCT1V3MllrSkdja1ZsUW5WSFRWSlFla2g0TmxkdUJqb0dSVlE2RUdScGMzQnZjMmwwYVc5dVNTSkxZWFIwWVdOb2JXVnVkRHNnWm1sc1pXNWhiV1U5SW5SbGMzUmZZWFZrYVc4dWJYQXpJanNnWm1sc1pXNWhiV1VxUFZWVVJpMDRKeWQwWlhOMFgyRjFaR2x2TG0xd013WTdCa1k2RVdOdmJuUmxiblJmZEhsd1pVa2lEMkYxWkdsdkwyMXdaV2NHT3daVSIsImV4cCI6IjIwMjAtMDUtMTRUMDA6MzQ6NDUuMDMyWiIsInB1ciI6ImJsb2Jfa2V5In19--b7120a24370e1afd709601363c463950bbb6ad22/test_audio.mp3?content_type=audio%2Fmpeg&disposition=attachment%3B+filename%3D%22test_audio.mp3%22%3B+filename%2A%3DUTF-8%27%27test_audio.mp3)
Redirected to http://localhost:3001/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSWRXRzlCT1V3MllrSkdja1ZsUW5WSFRWSlFla2g0TmxkdUJqb0dSVlE2RUdScGMzQnZjMmwwYVc5dVNTSkxZWFIwWVdOb2JXVnVkRHNnWm1sc1pXNWhiV1U5SW5SbGMzUmZZWFZrYVc4dWJYQXpJanNnWm1sc1pXNWhiV1VxUFZWVVJpMDRKeWQwWlhOMFgyRjFaR2x2TG0xd013WTdCa1k2RVdOdmJuUmxiblJmZEhsd1pVa2lEMkYxWkdsdkwyMXdaV2NHT3daVSIsImV4cCI6IjIwMjAtMDUtMTRUMDA6MzQ6NDUuMDMyWiIsInB1ciI6ImJsb2Jfa2V5In19--b7120a24370e1afd709601363c463950bbb6ad22/test_audio.mp3?content_type=audio%2Fmpeg&disposition=attachment%3B+filename%3D%22test_audio.mp3%22%3B+filename%2A%3DUTF-8%27%27test_audio.mp3
Completed 302 Found in 21681ms (ActiveRecord: 54.2ms)
Started GET "/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSWRXRzlCT1V3MllrSkdja1ZsUW5WSFRWSlFla2g0TmxkdUJqb0dSVlE2RUdScGMzQnZjMmwwYVc5dVNTSkxZWFIwWVdOb2JXVnVkRHNnWm1sc1pXNWhiV1U5SW5SbGMzUmZZWFZrYVc4dWJYQXpJanNnWm1sc1pXNWhiV1VxUFZWVVJpMDRKeWQwWlhOMFgyRjFaR2x2TG0xd013WTdCa1k2RVdOdmJuUmxiblJmZEhsd1pVa2lEMkYxWkdsdkwyMXdaV2NHT3daVSIsImV4cCI6IjIwMjAtMDUtMTRUMDA6MzQ6NDUuMDMyWiIsInB1ciI6ImJsb2Jfa2V5In19--b7120a24370e1afd709601363c463950bbb6ad22/test_audio.mp3?content_type=audio%2Fmpeg&disposition=attachment%3B+filename%3D%22test_audio.mp3%22%3B+filename%2A%3DUTF-8%27%27test_audio.mp3" for ::1 at 2020-05-13 20:29:46 -0400
Processing by ActiveStorage::DiskController#show as MP3
Parameters: {"content_type"=>"audio/mpeg", "disposition"=>"attachment; filename=\"test_audio.mp3\"; filename*=UTF-8''test_audio.mp3", "encoded_key"=>"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDRG9JYTJWNVNTSWRXRzlCT1V3MllrSkdja1ZsUW5WSFRWSlFla2g0TmxkdUJqb0dSVlE2RUdScGMzQnZjMmwwYVc5dVNTSkxZWFIwWVdOb2JXVnVkRHNnWm1sc1pXNWhiV1U5SW5SbGMzUmZZWFZrYVc4dWJYQXpJanNnWm1sc1pXNWhiV1VxUFZWVVJpMDRKeWQwWlhOMFgyRjFaR2x2TG0xd013WTdCa1k2RVdOdmJuUmxiblJmZEhsd1pVa2lEMkYxWkdsdkwyMXdaV2NHT3daVSIsImV4cCI6IjIwMjAtMDUtMTRUMDA6MzQ6NDUuMDMyWiIsInB1ciI6ImJsb2Jfa2V5In19--b7120a24370e1afd709601363c463950bbb6ad22", "filename"=>"test_audio"}
Completed 200 OK in 1ms (ActiveRecord: 0.0ms)
I was thinking of adding a callback to ActiveStorage::Blob Load, that +1 a counter attribute in the Post model. My idea was to use after_find but I am not sure where I should add it.
Any other suggestions are very much appreciated.

How about providing a new member action in posts_controller and using the rails_blob_path helper?
In the routes.rb definition:
resources :posts do
  member do
    get :download
  end
end
In the controller:
class PostsController < ApplicationController
  def download
    post = Post.find(params[:id])
    # counter business logic here
    # increment! saves the new value; plain increment only changes it in memory
    post.increment!(:download_counter)
    # redirect the client to the blob URL rather than only building the path
    redirect_to rails_blob_path(post.audio_file, disposition: "attachment")
  end
end

Related

ActiveStorage::DiskController#update throws 422 when uploading image through ActiveStorage::DirectUploadsController

I've been banging my head against this wall trying to figure out what's going on and would appreciate the help of someone with more experience.
Here's what's going on,
I'm trying to use the ActiveStorage::DirectUploadsController to upload an image. Here's what my custom controller looks like:
class DirectUploadsController < ActiveStorage::DirectUploadsController
  # Should only allow null_session in API context, so request is JSON format
  protect_from_forgery with: :null_session, if: proc { |c| c.request.format == 'application/json' }
  before_action :authenticate_request

  private

  def authenticate_request
    user = AuthorizeApiRequest.call(request.headers).result
    render json: { error: 'Not Authorized' }, status: 401 unless user
  end
end
However, when hitting the endpoint with a jpeg, I get the following:
Started POST "/direct_uploads" for ::1 at 2020-04-17 17:42:40 -0400
Processing by DirectUploadsController#create as JSON
Parameters: {"blob"=>{"filename"=>"image_picker_1249334B-5119-4F5E-91FB-99D55063495C-37712-0000F8C231364FA5.jpg", "content_type"=>"image/jpeg", "byte_size"=>1476387, "checksum"=>"33cpsUeaiJpTT+o6MkZlAQ=="}, "direct_upload"=>{"blob"=>{"filename"=>"image_picker_1249334B-5119-4F5E-91FB-99D55063495C-37712-0000F8C231364FA5.jpg", "content_type"=>"image/jpeg", "byte_size"=>1476387, "checksum"=>"33cpsUeaiJpTT+o6MkZlAQ=="}}}
Can't verify CSRF token authenticity.
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 1], ["LIMIT", 1]]
↳ app/commands/authorize_api_request.rb:19:in `user'
(0.1ms) begin transaction
ActiveStorage::Blob Create (1.5ms) INSERT INTO "active_storage_blobs" ("key", "filename", "content_type", "byte_size", "checksum", "created_at") VALUES (?, ?, ?, ?, ?, ?) [["key", "2qcdc5dzs615rkxf5xgptki4l5pe"], ["filename", "image_picker_1249334B-5119-4F5E-91FB-99D55063495C-37712-0000F8C231364FA5.jpg"], ["content_type", "image/jpeg"], ["byte_size", 1476387], ["checksum", "33cpsUeaiJpTT+o6MkZlAQ=="], ["created_at", "2020-04-17 21:42:41.075445"]]
(10.2ms) commit transaction
Disk Storage (4.8ms) Generated URL for file at key: 2qcdc5dzs615rkxf5xgptki4l5pe (http://localhost:3000/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNbkZqWkdNMVpIcHpOakUxY210NFpqVjRaM0IwYTJrMGJEVndaUVk2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWRG9UWTI5dWRHVnVkRjlzWlc1bmRHaHBBeU9IRmpvTlkyaGxZMnR6ZFcxSkloMHpNMk53YzFWbFlXbEtjRlJVSzI4MlRXdGFiRUZSUFQwR093WlUiLCJleHAiOiIyMDIwLTA0LTE3VDIxOjQ3OjQxLjExMVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--b2c1b25a821e7ef4b150012ad33d28e5bb6752e8)
Completed 200 OK in 439ms (Views: 1.9ms | ActiveRecord: 14.4ms | Allocations: 20173)
Started PUT "/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNbkZqWkdNMVpIcHpOakUxY210NFpqVjRaM0IwYTJrMGJEVndaUVk2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWRG9UWTI5dWRHVnVkRjlzWlc1bmRHaHBBeU9IRmpvTlkyaGxZMnR6ZFcxSkloMHpNMk53YzFWbFlXbEtjRlJVSzI4MlRXdGFiRUZSUFQwR093WlUiLCJleHAiOiIyMDIwLTA0LTE3VDIxOjQ3OjQxLjExMVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--b2c1b25a821e7ef4b150012ad33d28e5bb6752e8" for ::1 at 2020-04-17 17:42:41 -0400
Processing by ActiveStorage::DiskController#update as HTML
Parameters: {"encoded_token"=>"eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdDVG9JYTJWNVNTSWhNbkZqWkdNMVpIcHpOakUxY210NFpqVjRaM0IwYTJrMGJEVndaUVk2QmtWVU9oRmpiMjUwWlc1MFgzUjVjR1ZKSWc5cGJXRm5aUzlxY0dWbkJqc0dWRG9UWTI5dWRHVnVkRjlzWlc1bmRHaHBBeU9IRmpvTlkyaGxZMnR6ZFcxSkloMHpNMk53YzFWbFlXbEtjRlJVSzI4MlRXdGFiRUZSUFQwR093WlUiLCJleHAiOiIyMDIwLTA0LTE3VDIxOjQ3OjQxLjExMVoiLCJwdXIiOiJibG9iX3Rva2VuIn19--b2c1b25a821e7ef4b150012ad33d28e5bb6752e8"}
Completed 422 Unprocessable Entity in 1ms (ActiveRecord: 0.0ms | Allocations: 218)
It looks like the first request succeeds, then an internal call is made from within the ActiveStorage gem that fails. I've done some digging, and the only similar issue I could find is here: https://github.com/rails/rails/issues/34058
It seems this check fails, causing the 422: https://github.com/rails/rails/blob/bfea0af4ba7d717d6a065b4370e3ccfd8869dde6/activestorage/app/controllers/active_storage/disk_controller.rb#L22-L26
After debugging, it seems this check is failing: token[:content_length] == request.content_length, because token[:content_length] is correct but request.content_length is 0.
I'm not really sure where to look next, I think I found the source of the request but content_length is set correctly from what I can tell. Any idea what's going on?
I'm making the request from a Flutter frontend using this package: https://pub.dev/packages/active_storage/. I'd love to test the API directly using Postman but I can't seem to find any info on the request format.
In case you still have this issue, I forked the active_storage library, to set a Content-Length header as the file is being streamed to Rails. Fork is available here: https://github.com/leesus/dart-active-storage

link_to nested resource route can't find ID

The link_to in my user name is creating an error and I don't know why.
Error:
Couldn't find StripeAccount without an ID
Controller:
This is inside a separate controller from the StripeAccount controller:
def settings
  @user = current_user.id
  @stripe_account = StripeAccount.find(params[:stripe_account_id])
end
I have tried "@stripe_account = StripeAccount.find(params[:id])" with the same error.
View:
<%= link_to user_stripe_account_path(@user, @stripe_account) %>
I have tried using @stripe_account.id, etc.
Models:
stripe_account::
belongs_to :user, optional: true
user::
has_one :stripe_account
Routes:
resources :users do
  resources :stripe_accounts
end
Error when I try loading the /settings page:
Here's the CMD from when I use: @stripe_account = StripeAccount.find(params[:stripe_account_id])
app/controllers/dashboard_controller.rb:18:in `settings'
Started GET "/settings" for 127.0.0.1 at 2018-11-17 06:27:04 -0500
Processing by DashboardController#settings as HTML
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 2], ["LIMIT", 1]]
↳ app/controllers/dashboard_controller.rb:17
Completed 404 Not Found in 3ms (ActiveRecord: 0.3ms)
ActiveRecord::RecordNotFound (Couldn't find StripeAccount without an ID):
app/controllers/dashboard_controller.rb:18:in `settings'
When I use @stripe_account = StripeAccount.find(params[:id])
ActiveRecord::RecordNotFound (Couldn't find StripeAccount without an ID):
app/controllers/dashboard_controller.rb:18:in `settings'
Started GET "/settings" for 127.0.0.1 at 2018-11-17 06:28:21 -0500
Processing by DashboardController#settings as HTML
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 2], ["LIMIT", 1]]
↳ app/controllers/dashboard_controller.rb:17
Completed 404 Not Found in 3ms (ActiveRecord: 0.3ms)
ActiveRecord::RecordNotFound (Couldn't find StripeAccount without an ID):
app/controllers/dashboard_controller.rb:18:in `settings'
What am I doing incorrectly?
The only issue I can think of that may be happening is rails/ruby is finding the API ID from stripe_account, which contains a bunch of information from stripe... if so, is there a way I can specifically state using the ID from the table?
You should be able to do @stripe_account = current_user.stripe_account if you want to set the variable to the current_user's stripe account (you have no id param on the request). And I recommend you use @user = current_user or @user_id = current_user.id since it's confusing to read a variable named @user that has an integer value.
When you define "StripeAccount belongs_to User", by default (it's the convention) ActiveRecord looks for a user_id column on stripe_accounts table.
I'd recommend you to read this https://guides.rubyonrails.org/association_basics.html. It explains all types of associations and you can configure your associations even if they are not conventional (different class names, no _id column, etc).
After many attempts, I got one way to work. I'm not sure how efficient this is and I will explore more options.
This ended up working how I wanted it to:
@stripe_account = StripeAccount.find_by(params[:id])
The key was using ".find_by" and not ".find". This allows the link_to to operate and goes to the right location.

Custom redirect based on user role in rails 5 with devise

It's been some time since I've worked with rails and I am jumping into a "project" for a company I work for..
Essentially what I am trying to do is redirect a user who logs in to the app to a specific page upon login..
For example an admin user will be redirected to an admin dashboard, an owner will be redirected to an owner dashboard and a driver to a driver dashboard..
I've done this in the past using a single view and then filling it with elseif statements. But I found that to make my code look clunky and slow the app down.
I can't seem to find any docs (probably because I've been out of the game so long) on how to redirect to a specific url based on a user role.. Is this even possible? If so, would someone be willing to share some resources as I am really struggling in this department.
Thanks in advance!
EDIT 1: Implemented ApplicationController method to find user role and redirect to appropriate page.
So I have added a few lines of code to my ApplicationController:
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  def after_sign_in_path_for(resource)
    if current_user.role == "dispatch"
      dashboard_dispatch_path
    else
      root_path
    end
  end
end
When I try to load the page, the url in the browser changes to the proper url, however I get the following error:
The stack trace from rails server:
Started POST "/users/sign_in" for 127.0.0.1 at 2018-04-01 12:10:58 -0600
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"LJSAbgb3spFs0kEgFMYa40m2TZmZvH7weq53ciuGZAO07SUBgTHdxYTH0+MjRuYZIi+9++zIjnJP2rllVws5DA==", "user"=>{"email"=>"swixxxx#xxxxxltd.com", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["email", "swixxxx#xxxxxxltd.com"], ["LIMIT", 1]]
(0.2ms) BEGIN
SQL (0.6ms) UPDATE "users" SET "current_sign_in_at" = $1, "sign_in_count" = $2, "updated_at" = $3 WHERE "users"."id" = $4 [["current_sign_in_at", "2018-04-01 18:10:58.835548"], ["sign_in_count", 2], ["updated_at", "2018-04-01 18:10:58.836544"], ["id", 2]]
(1.0ms) COMMIT
Redirected to http://localhost:3000/dashboard/dispatch
Completed 302 Found in 150ms (ActiveRecord: 2.6ms)
Started GET "/dashboard/dispatch" for 127.0.0.1 at 2018-04-01 12:10:58 -0600
ArgumentError - wrong number of arguments (given 3, expected 0):
app/controllers/dashboard_controller.rb:5:in `dispatch'
Started POST "/__better_errors/cda7f553a5c61c4b/variables" for 127.0.0.1 at 2018-04-01 12:10:58 -0600
EDIT 2: adds Controller Code:
class DashboardController < ApplicationController
  def admin
  end

  def dispatch
  end

  def owner
  end

  def driver
  end

  def client
  end

  def guest
  end
end

Github-like username url

I have this route that lets me build custom URLs for users like /thisismyname, and it works fine. But when I look at the log there is something I don't like...
When I hit /gregory this is what is happening:
1. Going to public_profile#public # Good
2. hitting /assets and trying to find a user with asset token # Not good
I thought my constraints would avoid this but it doesn't seem like it...
class PublicProfileConstraint
  def self.matches?(request)
    !['assets', 'admin'].include?(request.session[:token])
  end
end
get "/:token" => "profiles#public", :as => :public_profile,
  :constraints => PublicProfileConstraint
Here is the log:
Started GET "/gregory" for 127.0.0.1 at 2012-03-05 12:44:43 -0800
Processing by ProfilesController#public as HTML
Parameters: {"token"=>"gregory"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE
"users"."id" = ? LIMIT 1 [["id", 1]]
User Load (0.3ms) SELECT "users".* FROM "users" WHERE
"users"."token" = 'gregorymarcilhacy' LIMIT 1
Rendered profiles/_modal.haml (0.1ms)
....
Rendered profiles/show.haml within layouts/application (154.7ms)
Completed 200 OK in 431ms (Views: 174.0ms | ActiveRecord: 5.5ms)
... Rendering js files ...
# I DONT WANT THIS
Started GET "/assets/" for 127.0.0.1 at 2012-03-05 12:44:45 -0800
Served asset - 404 Not Found (10ms)
Processing by ProfilesController#public as */*
Parameters: {"token"=>"assets"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE
"users"."id" = ? LIMIT 1 [["id", 1]]
User Load (0.3ms) SELECT "users".* FROM "users" WHERE
"users"."token" = 'assets' LIMIT 1
Redirected to http://localhost:3000/
Completed 302 Found in 312ms
... Rendering images ...
# AND I DONT WANT THIS
Started GET "/" for 127.0.0.1 at 2012-03-05 12:44:45 -0800
Processing by LandingController#landing as */*
User Load (0.3ms) SELECT "users".* FROM "users" WHERE
"users"."id" = ? LIMIT 1 [["id", 1]]
Rendered landing/landing.haml within layouts/landing (0.8ms)
Completed 200 OK in 288ms (Views: 23.5ms | ActiveRecord: 2.2ms)
You are searching request.session for the token, but this will always fail as that's the session store rather than the request parameters. You probably want the equivalent of params[:token] in the constraint class. The request object documentation indicates that request.path_parameters[:token] might contain the value you are looking for.
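The difference the answer describes, as an added example that is not part of the original thread: the posted constraint next to one that reads the routing parameter. FakeRequest, the helper names and the case-folding are assumptions made so the block runs without Rails.

```ruby
# Added example, not code from the thread. FakeRequest is a constructed
# stand-in for ActionDispatch::Request so the block runs without Rails.
FakeRequest = Struct.new(:path_parameters, :session)

# The constraint as posted in the question: it looks in the session store,
# where :token is never set, so include?(nil) is false and every path matches.
class SessionBasedConstraint
  def self.matches?(request)
    !['assets', 'admin'].include?(request.session[:token])
  end
end

# The constraint following the answer: read the routing parameter instead.
class PublicProfileConstraint
  # Top-level path segments that must never be routed as a username.
  RESERVED = %w[assets admin].freeze

  def self.matches?(request)
    # Case-folding is an assumption added here; the thread's list is lowercase only.
    token = request.path_parameters[:token].to_s.downcase
    # Reject empty tokens too, so they never reach the profile lookup.
    !token.empty? && !RESERVED.include?(token)
  end
end

# Helper (hypothetical name): run one constraint against a path segment.
def constraint_allows?(constraint, segment)
  request = FakeRequest.new({ token: segment }, {})
  constraint.matches?(request)
end

# Constructed sample segments, based on the paths that appear in the log.
def routing_table(segments = %w[gregory assets Admin])
  segments.to_h do |seg|
    [seg, { posted: constraint_allows?(SessionBasedConstraint, seg),
            fixed:  constraint_allows?(PublicProfileConstraint, seg) }]
  end
end

routing_table.each { |seg, result| puts "#{seg}: #{result}" }
```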

Even though I have a scoped nested route, my resources are not routing properly - Rails 3.1

This is my route:
scope ":username" do
  resources :feedbacks
end
So when I go to mydomain.com/test/feedbacks/10 it shows the correct feedback with id=10 that belongs to username=test.
But, if I go to mydomain.com/test2/feedbacks/10 it shows me the same feedback with id=10, which does NOT belong to username=test2.
How do I restrict this from happening?
I am using the Vanity gem to give me the username in the URL, this is what that route looks like:
controller :vanities do
  match ':vname' => :show, :via => :get, :constraints => {:vname => /[A-Za-z0-9\-\+\#]+/}
end
Edit 1:
That is to say, for clarity's sake, when I go to mydomain.com/test/feedbacks/10 and /test2/feedbacks/10, it shows me the same view for the same record (in which case, the latter version would be wrong because it should be telling me that no such record exists, but it's not. It is just displaying the correct record for test/feedbacks/10).
Edit 2:
Here are the logs of both requests:
The right request
Started GET "/test-3/feedbacks/7" for 127.0.0.1 at 2011-09-14 02:48:15 -0500
Processing by FeedbacksController#show as HTML
Parameters: {"username"=>"test-3", "id"=>"7"}
Feedback Load (0.5ms) SELECT "feedbacks".* FROM "feedbacks" WHERE "feedbacks"."id" = ? LIMIT 1 [["id", "7"]]
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Rendered feedbacks/show.html.erb within layouts/application (36.2ms)
Completed 200 OK in 188ms (Views: 184.3ms | ActiveRecord: 1.8ms)
The wrong request
Started GET "/test2/feedbacks/7" for 127.0.0.1 at 2011-09-14 02:48:28 -0500
Processing by FeedbacksController#show as HTML
Parameters: {"username"=>"test2", "id"=>"7"}
Feedback Load (0.1ms) SELECT "feedbacks".* FROM "feedbacks" WHERE "feedbacks"."id" = ? LIMIT 1 [["id", "7"]]
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Rendered feedbacks/show.html.erb within layouts/application (37.6ms)
Completed 200 OK in 50ms (Views: 47.5ms | ActiveRecord: 1.2ms)
Your show action should look something like
def show
  @user = User.find_by_username(params[:username])
  if @user == current_user
    ...
    render "show"
  else
    flash[:alert] = "Record doesn't exist"
    redirect_to root_path
  end
end
I took the liberty of adding in @Benoit's suggestion.
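The logs in the question show the feedback being loaded by id alone, so the :username segment never takes part in the lookup. The following added example (not code from the thread) models that in plain Ruby next to a lookup scoped to the owner named in the URL; the structs, the sample rows and a has_many :feedbacks association on User are assumptions.

```ruby
# Added example, not code from the thread. Plain-Ruby stand-ins for the
# User and Feedback models so it runs without Rails; the rows are constructed.
User     = Struct.new(:id, :username)
Feedback = Struct.new(:id, :user_id, :body)

class RecordNotFound < StandardError; end

USERS     = [User.new(3, "test-3"), User.new(4, "test2")].freeze
FEEDBACKS = [Feedback.new(7, 3, "written by test-3")].freeze

# What the logs show: the query filters on id only, so any username in the
# URL returns the same row. Rails equivalent: Feedback.find(params[:id])
def show_unscoped(params)
  FEEDBACKS.find { |f| f.id == params[:id].to_i } or raise RecordNotFound
end

# Scoped lookup: resolve the owner from the URL first, then search only that
# owner's feedbacks. Rails 3.1 equivalent, assuming User has_many :feedbacks:
#   User.find_by_username!(params[:username]).feedbacks.find(params[:id])
def show_scoped(params)
  owner = USERS.find { |u| u.username == params[:username] } or raise RecordNotFound
  FEEDBACKS.find { |f| f.user_id == owner.id && f.id == params[:id].to_i } or
    raise RecordNotFound
end

# The answer's extra rule on top of scoping: only the signed-in owner may view.
def show_for(current_user, params)
  feedback = show_scoped(params)
  raise RecordNotFound unless current_user && current_user.id == feedback.user_id
  feedback
end

# Helper (hypothetical name) that turns the exception into a status symbol,
# the way a controller would turn it into a 404.
def status_for(params)
  show_scoped(params)
  :ok
rescue RecordNotFound
  :not_found
end

puts status_for(username: "test-3", id: "7")  # owner's URL
puts status_for(username: "test2",  id: "7")  # someone else's URL
```

A missing owner and a missing feedback raise the same error, so the response does not reveal which usernames or ids exist.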
