Rails issues with authentication - ruby-on-rails

I am building my first app using rails and i am struggling to give an account to each user. Its a simple app where a user creates a post and saves it. this post can be seen on index page. Until now we are ok. when i sign out, i register a new user and i log in. when i go to the index page, i can see what other user has saved. I want to have a private index page for each user where no one can see what users are saving in their app. I am using Gem 'Device" to authenticate my app, but i don't know how to make private their account? any ideas?

You have implemented authentication. Now you need to build authorization.
You have to define what data can be accessed by user.
Take a look at:
CanCanCan

With devise authentication technique, after logging in the user you can write a clean piece of code to render the posts of the logged in user. You can use session data to do it. the current_user helper method returns the model class relating to the signed in user. With devise, it ensures after authentication that, it has the helper methods ready to be used. So, the error with no such user with that id can be avoided.
#web/controller/post_controller.rb
before_filter :authenticate_user!
def list
#posts = current_user.posts
end
And then, use #posts in the list view to render the posts of the logged in user only.
<% #posts.each do |post| do%>
<%= post.content %>
<% end %>

Related

I want to change the page view based on whether the user is an admin

In rails, I have a model for users which has a flag for admins (yes, no). If the logged_in user is an admin, I'd like to be able to show different elements of the page using erb.
I'm currently doing this with logg in users vs non logged in users using this code
<% if current_user %>
But how would I specify if current_user is admin in the erb?
Or, is erb the best place to do this since it is exposed to the browser? If not, any suggestions for other ways to accomplish this in the model or controller?
I'm not using Devise for the user authentication currently.
When you say they have a flag, does that mean they have an attribute called admin?
If so, any model with a boolean in rails, you can check with:
<% if current_user.admin? %>
If there is another way of determining whether the user is an admin or not, you'll need to add an admin? method to the user class, which you can use to determine their status in the view.
You can use user is_admin column name in views.
<% if current_user.is_admin? %>

How to access current user with Devise

I am using devise as well as ldap in my application to authenticate users. I have got the users model set up as well as devise. I can properly sign in and sign out users but I cannot access any information for the devise built in helper; current_user.
I want the main page of the application to show the current users name at the top of the page. I have created the column in the users table called display_name.
This is the code that I want to work:
<% if user_signed_in? %>
<div> <%= current_user.display_name %> </div>
<% end %>
When I used byebug and try to access the current user it returns nil.
Does anyone have any suggestions on how I can access the current users information?
Update
I tried using: <% if signed_in %>
but i still get the same error: undefined method `display_name' for nil:NilClass
devise documentation says:
If your devise model is something other than User, replace "_user"
with "_yourmodel".
Is your model User? If not, you need to use the appropriate helper method.
Which LDAP gem are you using? devise_ldap_authenticatable ?
You will need to define an instance variable #current_user in your ApplicationController, and set it to the correct user record based on the LDAP account which authenticated.
Then, during sign-in you need to set the value of #current_user, and during sign-out you need to set it to nil.
So for sign-in and sign-out you would have to implement this in Session#create and Session#destroy

Helper method for url?

I have multiple fields for social networking websites where users can enter their username and it would link to their twitter, facebook, myspace account etc. My problem is how can I have it so when a user enters their username I can link to their account.
Here's what I have and I know this is probably not correct. In my profile index.html
<%= link_to twitter_url %>
profile helper method
def twitter_url
return(self.url= "http://twitter.com/#{profile.twitter}/account")
end
In my profile controller
include ProfilesHelper
The actual field in database is called
twitter_link
How can I get the just the user username then on my part which will do the rest link to their twitter, facebook etc account page?
How is that method supposed to know what the profile object is without you passing it in?
I'm imagining there being a #profile variable defined in your controller. In the view, you would have this:
<%= link_to twitter_url %>
And in the helper, this:
def twitter_url
"http://twitter.com/#{#profile.twitter_link}/account"
end
Note here that you don't need to set self.url or have an explicit return. This is because the method will automatically return a String which is what link_to takes.
If you want this method to be in a helper that's available in just your ProfileController, then why not put it inside ProfileHelper so that it's automatically included just by being related by name?

Making sure I got the idea . - Ruby on rails login system

I am currently reading a book, and learning ruby on rails. (Agile Web Development with Rails 4th Edition) .In the book it says how to write a simple product list and display it. I am modifying this idea, to create a user login system.
I am only working on the views now.
So I just need to make sure that my idea is right. My idea is:
The show.html file from the USER model, show data for one user. (given of course its ID)
for example : http://localhost:3000/users/980190974 will give me the html page for the current user right? Now I can allow the user to edit his/her information by using the
<%= link_to 'Edit', edit_user_path(#user) %> link or restrict him from viewing other users by removing the <%= link_to 'Back', users_path %> << that lists all the users from the database. But before the user views his/her details he must login, using his email and password. So by making an html page, that takes 2 strings (username, and password) searches my mySQL database and return the user ID , that I then use to "render" the user's HTML page.
Is my way of thinking correct? Or am I just completely irrelevant on how Ruby on Rails works? O_o
You are heading in the right direction. One thing to point out is that simply removing the link <%= link_to 'Back', users_path %> is not sufficient to avoid other users from accessing the /users path. In the (user) controller you have to use something like:
class UserController < ApplicationController
def index
unless current_user.is_admin
redirect_to user_path(current_user)
return
end
... rest of code here
end
end
where current_user could be a method returning the user object

Devise. Registration and Login at the same page

I'm trying to integrate Devise into my application. I need implement login form at top of the page (I've implemented this form into layout page) and I've implemented registration which contains registration form.
But it shows validation errors for both form when I tried submit incorrect registration data.
Without more information, it's hard to guess what the problem is. I've found the Wiki pages to be really helpful (and increasingly so), though you may have already looked them over:
Devise Wiki Pages
Two pages that might be relevant to your needs:
Display a custom sign_in form anywhere in your app
Create custom layouts
Hope this helps!
-- ff
The problem of seeing the validation errors for both forms stems from the 2 things. First, devise forms use a generic 'resource' helper. This creates a User object, and that same user objet gets used for both the sign up and the sign in form. Second, devise errors are typically displayed using the 'devise_error_messages!' helper which uses that same shared resource.
To have sign in and sign up on the same page you need to create different user objects for each form, and a new way of displaying the error messages.
First off, you'll need to create your own registration controller (in app/controllers/users/)
class Users::RegistrationsController < Devise::RegistrationsController
include DevisePermittedParameters
protected
def build_resource(hash=nil)
super
# Create an instance var to use just for the sign up form
#sign_up_user = self.resource
end
end
And update your routes file accordingly
devise_for :users, controllers: {
registrations: 'users/registrations'
}
Next you'll need your own error messages and resource helpers. Create a new helper like devise_single_page_helper.rb and add the following:
module DeviseSinglePageHelper
def devise_error_messages_for_same_page(given_resource)
return "" if given_resource.errors.empty?
messages = given_resource.errors.full_messages.map { |msg| content_tag(:li, msg) }.join
sentence = I18n.t("errors.messages.not_saved",
count: given_resource.errors.count,
resource: given_resource.class.model_name.human.downcase)
html = <<-HTML
<div id="error_explanation">
<h2>#{sentence}</h2>
<ul>#{messages}</ul>
</div>
HTML
html.html_safe
end
def sign_up_user
#sign_up_user ||= User.new(username: 'su')
end
def sign_in_user
#sign_in_user ||= User.new(username: 'si')
end
end
Finally, in your views, update your forms like so:
-# The sign up form
= simple_form_for(sign_up_user, url: registration_path(resource_name)) do |f|
-#...
= devise_error_messages_for_same_page(sign_up_user)
-# The sign in form
= simple_form_for(sign_in_user, url: sessions_path(resource_name)) do |f|
#...
= devise_error_messages_for_same_page(sign_in_user)
All of this together gives you 2 different objects - 1 for sign up and 1 for sign in. This will prevent the error messages from one showing in the other. Please note that recommend putting both forms on your sign in page (and perhaps having the default sign up page redirect to the sign in page) because by default a failed sign in attempt will redirect to the sign in page.
You should have two forms on the page — one for signing up and one for registering. If you want a single form and multiple potential actions you are going to need a couple buttons that get handled client side and change the form's action & method to the appropriate route depending you want to create a user or a session.
If you think you did this already, the problem almost certainly lies in your code. If you were to share it with us we could perhaps point out something you may have missed.

Resources