Syntax to allow admin to see all pages - ruby-on-rails

I want to display the page if the page is public. If the user of the page is trying to view the page if it's private and if it's the admin trying to view the page.
I have written
<% if #user.is_public == true || session[:user_id] == #user.id %>
<%= render "public_page" %>
<% else %>
Private Page
<%end%>
I don't know how to add something like below to the mix. Any ideas?
<% unless session[:site_admin] %>
The purpose is to allow the site admin to view all private pages.

Just add the check to the if:
<% if #user.is_public == true || session[:user_id] == #user.id || session[:site_admin] %>
<%= render "public_page" %>
<% else %>
Private Page
<%end%>
Btw, the more ruby way of naming is_public method would be public?
Btw btw, if your project is big and you want solid permission management it's a good practice to use Devise gem combined with CanCanCan. You then define all permissions in a single place, models/ability.rb and check permissions with can? :read, #post.

Related

How to hide an element if it's being viewed from a certain route?

I've got a partial with a form in it. I would like to have control over which routes admin users are able to view this form in.
There are two routes, advertisements/show, and advertisements/admin-edit. The partial is displayed in both views.
I tried doing
<%= unless current_user.admin %>
# display section of partial
<% end %>
but this isn't optimal because it stop admins from being able to test the application from the advertisements/show route.
Is there a way to hide the form if the current path is admin_edit_path?
try this one:
<% unless params[:action] == 'edit' && params[:controller] == 'admin' %>
# display partial
<% end %>```
<% unless current_page?(controller: 'advertisements', action: 'admin_edit') %>
#display partial
<% end %>

<% if current_user.id == #status.user_id %> when user not signed in

Currently, I have in my 'show' view for a question model
<% if current_user.id == #question.user_id %>
<%= link_to 'Edit', edit_question_path(#question) %>
<% else %>
<% end %>
To allow the user that created the question to edit it. This works fine when a user is logged in.
However, if a guest is not logged in. I get this error:
NoMethodError in Questions#show
undefined method `id' for nil:NilClass
It doesn't seem to like this line
<% if current_user.id == #question.user_id %>
Can anyone advise a rewrite to get this to work with guest users too?
Thanks
Why not do something like <% if current_user == #question.user %>? Take out the IDs.
Or if you really want the IDs. something like <% if current_user.present? && current_user.id == #question.user_id %>
In a helper
def current_user?(user)
current_user && current_user == user
end
Then in the view
<% if current_user?(#question.user) %>
You can't have an user.id if the user is not in the database. There is a good screencast about this: http://railscasts.com/episodes/393-guest-user-record?view=asciicast
#BillyChan - for that requirement, i would allow upvoting if someone isn't signed in. No need to create an unsaved user record. I'd probably want to use cookies to stop people multiple-upvoting, but to be honest i'd probably argue with the client that we shouldn't let people upvote without being logged in.
Use this
<% if current_user.present? && current_user.id == #question.user_id %>

Rails if statement for current user profile view and other users

Hi I'm having some trouble getting different views to display based on whether or not the user being viewed is the logged in user.
I'm using Rails 3.2 and Devise
I've tried the code below but it always returns the template for the logged in user (where I have edit info links) rather than the one for the other users.
<% if user = current_user %>
<%= render 'users/myprofile' %>
<% else %>
<%= render 'users/viewprofile' %>
<% end %>
Thanks very much
The statement should be..
<% if user == current_user %>
The reason being, = is for assignment, == is for comparison.
Check the sign of comparison. You have used equals to sign.
<% if user == current_user %>
= sign assigns the current user to user variable. Hence the condition will always be true unless there is no current user.

if current_user.id = #game.user_id

I have links to the show pages for each game in my project and if the
games user_id matches the id of the currently signed in user then I want
it to display the edit button if they are not then it shouldn't display.
I currently have the following code set but it doesn't work. Every game
has the edit button display. The code is as followed:
<% if current_user.id = #game.user_id %>
<div id="text3"><%= link_to 'Edit', edit_game_path(#game) %></div><br />
<% end %>
Any ideas?
MrDanA's answer is most probably the error, but you may want to make this code better. Checking like that is not the Rails way of doing it. Instead, make a User instance method like :
def has_game?(game)
self.games.exists?(:id => game.id)
end
and then in your view :
<% if current_user.has_game?(#game) %> ...
(can even be better by further delegating exists into the game model, as a scope or so, if you like)
You want ==
So:
<% if current_user.id == #game.user_id %>

Testing against the 'current_user' with Devise in Rails 3

I'm just starting out with Ruby and Rails, trying out Devise with Rails 3. I've got a loop around a list of Posts, each of which has an associated user. I only want to display editing controls for those posts which are associated with the current user.
<% #posts.each do |post| %>
<%= link_to "show" %>
<% if current_user = post.user %>
<%= link_to "edit" %>
<% end %>
<% end %>
(The above is simplified, and from memory, so I'm sure the syntax isn't entirely right - but you get the gist.)
If no user is logged in, the posts show as intended - there's a Show link, but no Edit link. However, if I am logged in at all, all of the Edit links show up, even fir posts created by a different user.
I've verified in the console that User.find(1) != User.find(2), but for some reason the current_user = post.user evaluates to true no matter who is currently logged in. Is this to do with current_user being a helper as opposed to a "real" user object? How can I use current_user to get at the ACTUAL current user to make my comparison?
Thanks,
Dan
You're assigning rather than testing - use == - i.e.
<% if current_user == post.user %>

Resources