I'm building an app which has users, pages and groups. I want users to be able to message the pages, and for the admins of pages to be able to reply as the page, as is done on Facebook. I'm not really sure how to go about this in Rails though. Does anybody know how this is done on Facebook? Would the user session be destroyed and another session created for the page, through an admin column? That's the only way I can think of it being done, but am not sure how to go about this using Devise.
Any help would be greatly appreciated.
You can use some kind of "context switching" method. i.e: I'm logged in as a user, but I can switch my context to a page if I'm one of the page admins. Switching contexts can be handled using namespaces.
You may also check mailboxer gem, it allows objects to message each other. i.e: a user can message a page and you can set it up so page admins are notified if there's a new message. If you're a page admin, you can switch your context to a page and reply to the message, and so on.
Related
Let's say I have Blog app built with Rails and on a post created by a user(Author) I have a "Request a chat" button.
I want to build a small function on that post page that when User A presses that button, the page will redirect to or open a chatbox that connect User A with user Author?
Author is a devise registered user and User A is not.
How would I build something like that? Thanks
I think it's weird having a devise registered user and a non devise user unless you mean User A is just an unregistered guest. Either way, it's not a big deal and it can be done.
The way you would put together that system is as follows:
OpenChat # your new data model
OpenChatsController # your new controller
"Request a chat" would create a new OpenChat object, with author and guest A foreign keys. If User A is a guest, you can store a cookie "password" in their browser but generally it's only advisable if the conversation is brief and security isn't a big deal.
Then you would be able to check if there is an open chat between the two users and display it in any page you want, and display messages appropriately.
You will need to look up how to setup a basic chat system (there are a million answers out there that will take you step by step) as that's beyond the scope of this question.
If you are new to Rails, I also recommend Michael Hartl's Ruby on Rails tutorial:
https://www.railstutorial.org/
I have gone a good distance in spring-security-core-2.0-RC5 (SSC) with Grails 2.5, but still a lot to cover. I am wondering how to achieve two tasks. So far and after integrating SSC in my project, I built a dispatcher that takes care of routing users to different landing pages according to their roles. This link shows how I do it. What I am wondering how others are doing is these two tasks:
How to customize the landing page. For example, instead of the typical "Please Login", I need to say "Please login using your provided username and password" plus an image or something. This means I have to override (or overwrite) the existing login page. What is the best way to do this?
The more important. When a user is logged in, I route them to different pages based on their roles, or even log them out if their account is !enabled. However, what I can't do is be in control when the user has no credentials at all. What I would like to do is instead of displaying the typical "Sorry, we were not able to find a user with that username and password.", I would like to intercept the behaviour and perform some actions before redirecting users to the logout/login page (actions like a web service request for example). How can I achieve this please - to be able to make certain tasks on behalf of non-authorized users?
For Task1 (custom login page) you Just have to place a auth.gsp page in 'app/views/login/auth.gsp'
I'm making a Rails application using Devise. On the user profile page, it provides links for the user to update and delete certain elements of their profile. The links are obviously only visible to the signed-in user whose profile it is. The one disadvantage of this is that it doesn't allow the user to view their profile page from the perspective of a visitor, unless they want to log out and navigate to their profile. Some websites offer a "view your profile" link which allows users to view a page from the perspective of someone else. Is there a way to accomplish this with Rails and Devise?
Sure. You are able to create UsersController with show action. Where you will able to display the information you want.
If you want to manage users through CRUD interface there is a wiki page that may help you.
The url to user's profile can looks like /users/:id or you can define custom route such as /user/unique-username (the last example you can achieve using friendly_id gem)
I am currently doing a project for uploading pics. There are users, albums, and pics. I added a friendship model so that people can friend each other like a social network. However, I noticed that I put a lot of <% if current_user.friends.include?(#user) %> in the view to check if the user of the page I'm showing is a friend of the logged in client, and therefore allowing them to have certain privileges and forms and etc.. Is there a better way or place to do this than to pollute my views with if/else statements ? Also, I don't feel like my method is very secure since someone could always manually enter the url and mess with info that they're not supposed to.
You want an authorization framework such as CanCan.
In an ability file, you configure it that a user can, say, view something or edit some other thing, only if the user is a friend of the owner. Then in the view or the controller, you can just check that the user is authorized to do the appropriate action.
For specific details about setting up an ability based on details of the models (i.e. whether the owner is a friend of the current user), go to this documentation and look for "Hash of Conditions".
Consider using something like the mosaic-access gem, which allows you to white/blacklist controllers and specific actions for the currently logged in user.
I have a form that users can fill out, and hitting the "Create" button will issue a POST request to create a new entry in the database with the form data.
Now, only logged in users should be allowed to create the database entry, but I want all users to be able to fill out the form. Only when clicking "Create" do I want my application to redirect users who are not logged in to the login page. Once logged in, I want to continue processing the POST request and create the database entry, without the user having to enter all the form data again.
What's the best way of handling that? Putting the POST data in the session? But then, after successful login, I want to create the database entry in the original controller/action (so as to not duplicate code), and issuing a POST request from within my application (in the after-successful-login-method) seems strange. Any better ideas?
Thanks!
You're not mentioning how you do your authentication, so i suspect that you do it manually. If you use(and i would strongly recommend you do), a gem like Devise for registration, you just need to add Devise's authentication helper to your controllers, to do that.
To do it manually, every time the user registers, you set a session id variable that is tied to him/her. Then, you just check that to see whether he/she is registered. If not, you just do not allow the action and redirect.