Connecting a User(devise) to their Profile - ruby-on-rails

I am using Devise and am trying to allow each User to create 1 Profile. I am able to send the newly registered User to the page where they can create a Profile, but once the User logs out and back in it will not go to the Profile Show page.
In other words-
I can sign up a new User and send the User to the Create Profile page, then I can create a Profile with the new User (I am not sure the Profile is saving correctly)... After I log out and sign in I received the error:
ActiveRecord::RecordNotFound in ProfilesController#show
Couldn't find Profile without an ID
I would like the User to be sent to their Profile Show page...
Any thoughts on the issue?
The code (sorted by files) is below…
user.rb
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :email, :password, :password_confirmation, :remember_me
has_one :profile
end
profile.rb
class Profile < ActiveRecord::Base
attr_accessible :first_name, :last_name
belongs_to :user
end
profiles_controller.rb
class ProfilesController < ApplicationController
# GET /profiles
# GET /profiles.json
def index
@profiles = Profile.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: @profiles }
end
end
# GET /profiles/1
# GET /profiles/1.json
def show
@profile = Profile.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @profile }
end
end
# GET /profiles/new
# GET /profiles/new.json
def new
@profile = Profile.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @profile }
end
end
# GET /profiles/1/edit
def edit
@profile = Profile.find(params[:id])
end
# POST /profiles
# POST /profiles.json
def create
@profile = Profile.new(params[:profile])
respond_to do |format|
if @profile.save
format.html { redirect_to @profile, notice: 'Profile was successfully created.' }
format.json { render json: @profile, status: :created, location: @profile }
else
format.html { render action: "new" }
format.json { render json: @profile.errors, status: :unprocessable_entity }
end
end
end
# PUT /profiles/1
# PUT /profiles/1.json
def update
@profile = Profile.find(params[:id])
respond_to do |format|
if @profile.update_attributes(params[:profile])
format.html { redirect_to @profile, notice: 'Profile was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @profile.errors, status: :unprocessable_entity }
end
end
end
# DELETE /profiles/1
# DELETE /profiles/1.json
def destroy
@profile = Profile.find(params[:id])
@profile.destroy
respond_to do |format|
format.html { redirect_to profiles_url }
format.json { head :no_content }
end
end
end
registrations_controller.rb
class RegistrationsController < Devise::RegistrationsController
protected
def after_sign_up_path_for(resource)
request.env['omniauth.origin'] || stored_location_for(resource) || new_profile_path
end
end
application_controller.rb
class ApplicationController < ActionController::Base
def after_sign_in_path_for(resource)
request.env['omniauth.origin'] || stored_location_for(resource) || show_path(resource.profile)
end
end
routes.rb
BaseApp::Application.routes.draw do
resources :profiles
get "users/show"
devise_for :users, :controllers => { :registrations => "registrations" }
resources :users
match '/show', to: 'profiles#show'
match '/signup', to: 'users#new'
root to: 'static_pages#home'
match '/', to: 'static_pages#home'
…
end

In your controller you use the following code @profile = Profile.find(params[:id]). When signing in params[:id] must be nil.
It's not nil when you redirect after creating because you send in an id here redirect_to @profile. That translates to redirect_to profile_path(@profile). When you use the /match path there is no id.
So one solution would be to use the helper current_user in the ProfileController's show action. Replace @profile = Profile.find(params[:id]) with @profile = current_user.profile. That might change your desired functionality as it will require a user to be signed in. This will keep the match path (/show url). It works because it no longer relies on an id.
You could alternatively change the show_path(resource.profile) to profile_path(resource.profile). That will use the resources profiles path with the url /profiles/:id instead of show/ you were possibly looking for.

With the answer @Phil provided I solved another problem in my project. Thanks \o/
ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-linux]
Rails 4.0.0
In your case, I solved it this way:
Add inverse_of: in user and profile model:
user.rb
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_one :profile, inverse_of: :user
end
profile.rb
class Profile < ActiveRecord::Base
belongs_to :user, inverse_of: :profile
validates :first_name, :user_id, :presence => true
validates :gender, :inclusion => {:in => %w(M F)}
end
In your application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
# redirect user after login
def after_sign_in_path_for(resource)
unless current_user.profile.nil?
profiles_path
else
flash[:alert] = "Please complete your profile"
new_profile_path
end
end
# redirect after logout
def after_sign_out_path_for(resource_or_scope)
new_user_session_path
end
end
This works for me, I hope this helps

Related

error while adding tags to a post in rails

I wanted to add tags to my products in a Rails project, so I watched a YouTube video on how to do it (https://www.youtube.com/watch?v=rzx5MrCa0Pc&t=254s)
I did all he did, but when I add a new product I get an error -
'New Product
1 error prohibited this product from being saved:
User must exist' , right above my new product form
How do I fix it?
MY ROUTES
Rails.application.routes.draw do
devise_for :users, :controllers => { :registrations => "registrations"}
resources :products
get 'home/ContactUs'
get 'home/Login'
get 'home/Store'
get 'home/blogs'
get 'home/index'
resources :home
root 'home#index'
end
MY PRODUCT MODEL
class Product < ActiveRecord::Base
belongs_to :user
has_many :taggings, dependent: :destroy
has_many :tags, through: :taggings
def self.tagged_with(name)
Tag.find_by!(name: name).products
end
def all_tags=(names)
# names="music, spotify"
self.tags = names.split(',').map do |name|
Tag.where(name: name).first_or_create!
end
end
def all_tags
tags.map(&:name).join(", ")
end
end
TAG MODEL
class Tag < ApplicationRecord
has_many :taggings, dependent: :destroy
has_many :products, through: :taggings
end
TAGGINGS MODEL
class Tagging < ActiveRecord::Base
belongs_to :product
belongs_to :tag
end
USER MODEL
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_many :products
end
PRODUCT_CONTROLLER
class ProductsController < ApplicationController
# before_action :authenticate_user!
before_action :set_product, only: [:show, :edit, :update, :destroy]
# GET /products
# GET /products.json
def index
if params[:tag]
@products = Product.tagged_with(params[:tag])
else
@products = Product.all
end
end
# GET /products/1
# GET /products/1.json
def show
end
# GET /products/new
def new
@product = Product.new
end
# GET /products/1/edit
def edit
end
# POST /products
# POST /products.json
def create
@product = Product.new(product_params)
respond_to do |format|
if @product.save
format.html { redirect_to @product, notice: 'Product was successfully created.' }
format.json { render :show, status: :created, location: @product }
else
format.html { render :new }
format.json { render json: @product.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /products/1
# PATCH/PUT /products/1.json
def update
respond_to do |format|
if @product.update(product_params)
format.html { redirect_to @product, notice: 'Product was successfully updated.' }
format.json { render :show, status: :ok, location: @product }
else
format.html { render :edit }
format.json { render json: @product.errors, status: :unprocessable_entity }
end
end
end
# DELETE /products/1
# DELETE /products/1.json
def destroy
@product.destroy
respond_to do |format|
format.html { redirect_to products_url, notice: 'Product was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_product
@product = Product.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def product_params
params.require(:product).permit(:filetype, :title, :img_url, :description, :all_tags, :price, :uploaded_by, :tutorial_url)
end
end
User must exist
The problem is Product belongs to User but you are trying to create the product without passing user_id which will create an orphan product
Solution: Change
def create
@product = Product.new(product_params)
to
def create
@product = current_user.products.new(product_params)
Also, you will need to change the set_product method to make sure you can update or delete only products created by the user
def set_product
@product = current_user.products.find(params[:id])
end

What am I missing to get a profile page to include additional fields such as address, avatar, phone number

I am using Ruby on Rails and utilized devise for my log in and registration. After signing up, I get this error message:
NoMethodError in Devise::SessionsController#create undefined method `profile_path' for #<Devise::SessionsController:0x007f9425b1f9c0>
I used rails generate scaffold profile and have the following code:
profiles_controller.rb
class ProfilesController < ApplicationController
before_action :set_profile, only: [:show, :edit, :update, :destroy]
def profile
end
# GET /profiles
# GET /profiles.json
def index
@profiles = Profile.all
end
# GET /profiles/1
# GET /profiles/1.json
def show
end
# GET /profiles/new
def new
@profile = Profile.new
end
# GET /profiles/1/edit
def edit
@profile = Profile.find_by user_id: current_user.id
@attributes = Profile.attribute_names - %w(id user_id created_at updated_at)
end
# POST /profiles
# POST /profiles.json
def create
@profile = Profile.new(profile_params)
respond_to do |format|
if @profile.save
format.html { redirect_to @profile, notice: 'Profile was successfully created.' }
format.json { render :show, status: :created, location: @profile }
else
format.html { render :new }
format.json { render json: @profile.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /profiles/1
# PATCH/PUT /profiles/1.json
def update
respond_to do |format|
if @profile.update(profile_params)
format.html { redirect_to @profile, notice: 'Profile was successfully updated.' }
format.json { render :show, status: :ok, location: @profile }
else
format.html { render :edit }
format.json { render json: @profile.errors, status: :unprocessable_entity }
end
end
end
# DELETE /profiles/1
# DELETE /profiles/1.json
def destroy
@profile.destroy
respond_to do |format|
format.html { redirect_to profiles_url, notice: 'Profile was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_profile
@profile = Profile.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def profile_params
params[:profile]
end
end
application_controller.rb
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << :name
devise_parameter_sanitizer.for(:account_update) << :name
end
def after_sign_in_path_for(resource)
profile_path(resource)
end
def after_sign_up_path_for(resource)
profile_path(resource)
end
end
profile.rb
class Profile < ActiveRecord::Base
belongs_to :user
end
user.rb
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
has_many :pins, dependent: :destroy
validates :name, presence: true
has_one :profile
before_create :build_profile #creates profile at user registration
end
routes.rb
Rails.application.routes.draw do
resources :profiles, only: [:edit]
resources :pins
devise_for :users
#devise_for :installs
root "pins#index"
get "about" => "pages#about"
end
Thanks.
You need to use the plural: profiles_path rather than profile_path, in application_controller.rb.

How can I get all posts from a specific user

I'm creating my own blog on Rails with posts and users. I need to show all posts from specific author when I click on him (here the concept:link). What should I do for this?
Please say what extra information or code should I add
users_controller:
class UsersController < ApplicationController
def show
@user = User.find(params[:id])
@posts = @user.posts
end
end
posts_controller:
class PostsController < ApplicationController
before_filter :authenticate_user!, :except => [:show, :index]
# GET /posts
# GET /posts.json
def index
@posts = Post.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: @posts }
end
end
# GET /posts/1
# GET /posts/1.json
def show
@post = Post.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @post }
end
end
# GET /posts/new
# GET /posts/new.json
def new
@post = Post.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @post }
end
end
# GET /posts/1/edit
def edit
@post = Post.find(params[:id])
end
# POST /posts
# POST /posts.json
def create
# @post = Post.new(params[:post])
@post = current_user.posts.build(params[:post])
respond_to do |format|
if @post.save
format.html { redirect_to @post, notice: 'Post was successfully created.' }
format.json { render json: @post, status: :created, location: @post }
else
format.html { render action: "new" }
format.json { render json: @post.errors, status: :unprocessable_entity }
end
end
end
# PUT /posts/1
# PUT /posts/1.json
def update
@post = Post.find(params[:id])
respond_to do |format|
if @post.update_attributes(params[:post])
format.html { redirect_to @post, notice: 'Post was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @post.errors, status: :unprocessable_entity }
end
end
end
# DELETE /posts/1
# DELETE /posts/1.json
def destroy
@post = Post.find(params[:id])
@post.destroy
respond_to do |format|
format.html { redirect_to posts_url }
format.json { head :no_content }
end
end
end
user model:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
has_many :posts, :dependent => :destroy
validates :fullname, :presence => true, :uniqueness => true
validates :password, :presence => true
validates :email, :presence => true, :uniqueness => true
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :email, :password, :password_confirmation, :fullname
end
post model:
class Post < ActiveRecord::Base
attr_accessible :text, :title
validates :user_id, :presence => true
validates :title, :presence => true
validates :text, :presence => true
belongs_to :user
has_many :comments
end
This is a fairly straightforward use of Ruby on Rails. I recommend reading Active Record Basics to get up to speed.
First, you should have a belongs_to relationship between Posts and Users that looks like this:
class User < ActiveRecord::Base
has_many :posts
end
class Post < ActiveRecord::Base
belongs_to :user
end
This adds a .posts method to the User instance and a .user method to the Post instance.
Then you have to make a decision about how you want the URL structure of your application to work. Here are a few options from the top of my head:
1. /posts?user=:user_id
2. /posts/by/:user_id
3. /users/:id/posts
Given the relationship between a User and their Posts, my recommendation (and I believe the general "Rails Way") would be #3. So, let's add the routes to config/routes.rb:
The short way to create JUST that route:
get 'users/:id/posts' => 'users#posts', :as => :user_posts
The long way to create the route based on resources:
resources :users do
member do
get :posts
end
end
Both approaches will provide a helper method called user_posts_path and one called user_posts_url which can be used in your view to link to the list of user posts using the link_to helper method:
<%= link_to post.user.name, user_posts_path(post.user) %>
Now, you have to add the controller action in app/controllers/users_controller.rb:
class UsersController < ActionController::Base
def posts
@user = User.find(params[:id])
@posts = @user.posts
end
end
and then add your HTML/ERB code to app/views/users/posts.html.erb
<% @posts.each do |post| %>
<%= post.inspect %>
<% end %>
That should give you the basic ability to show a user's posts. You can enhance it by reusing a post partial or some other nice shortcuts, but I'll leave that as an exercise for you to figure out.
You need 2 models: User and Post. There is a relation between them: User HAS MANY posts, post BELONGS TO user. To create this relation in a database you should add user_id column to posts table. To do this simply run the following command:
rails generate migration AddUserIdToPosts user_id:integer
Don't forget to run rake db:migrate after that
To create association between models add to the User model:
has_many :posts, dependent: :destroy
And to Post model:
belongs_to :user
Now you can use 'user' method on post and 'posts' method on user. For example in show action of users controller:
@user = User.find(params[:id])
@posts = @user.posts
These links will help you:
http://guides.rubyonrails.org/association_basics.html
http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html

create a button that pulls a table id and user id

I have a page that has a list of referrals on it. I have a button on each of the referrals that is set to reply to the referral. I don't need any pop up or form to show except for a flash message to show the user has successfully replied to the referral and toggling a class on the button when a user replies. Upon replying to the referral, email(is index for the table) is passed, referralid is also passed to the reply table. I have tried many methods, but I'm getting nowhere with the controllers. I created proper associations on the models, but still getting nowhere in the controller logic to create a reply record for every reply. Here are my models:
Referral Model
class Referral < ActiveRecord::Base
attr_accessible :referraltype
belongs_to :user
validates :user_id, presence: true
has_many :replies
def nil_zero?
self.nil? || self == 0
end
end
User Model
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :omniauthable
attr_accessible :name, :email, :password, :password_confirmation, :remember_me, :provider, :uid, :image
has_attached_file :image, styles: { medium: "320x320>", thumb: "50x50" }
has_many :referrals
has_many :replies
end
Replies Controller
class RepliesController < ApplicationController
end
Reply Model
class Reply < ActiveRecord::Base
belongs_to :user
belongs_to :referral
end
Referrals Controller
class ReferralsController < ApplicationController
before_filter :authenticate_user!
def reply_to_referral
@referral = Referral.find(params[:referral_id])
@replier_id = params[:replier_id]
@reply = @referral.replies.create(replier_id: @replier_id)
flash[:success] = "Referral reply sent."
redirect_to root_path
end
# GET /referrals
# GET /referrals.json
def index
@referrals = Referral.order("created_at desc")
@referrals
respond_to do |format|
format.html # index.html.erb
format.json { render json: @referrals }
end
end
# GET /referrals/1
# GET /referrals/1.json
def show
@referral = Referral.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @referral }
end
end
# GET /referrals/new
# GET /referrals/new.json
def new
@referral = current_user.referrals.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @referral }
end
end
# GET /referrals/1/edit
def edit
@referral = current_user.referrals.find(params[:id])
end
# POST /referrals
# POST /referrals.json
def create
@referral = current_user.referrals.new(params[:referral])
respond_to do |format|
if @referral.save
format.html { redirect_to @referral, notice: 'Referral was successfully created.' }
format.json { render json: @referral, status: :created, location: @referral }
else
format.html { render action: "new" }
format.json { render json: @referral.errors, status: :unprocessable_entity }
end
end
end
# PUT /referrals/1
# PUT /referrals/1.json
def update
@referral = current_user.referrals.find(params[:id])
respond_to do |format|
if @referral.update_attributes(params[:referral])
format.html { redirect_to @referral, notice: 'Referral was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @referral.errors, status: :unprocessable_entity }
end
end
end
# DELETE /referrals/1
# DELETE /referrals/1.json
def destroy
@referral = current_user.referrals.find(params[:id])
@referral.destroy
respond_to do |format|
format.html { redirect_to referrals_url }
format.json { head :no_content }
end
end
end
Routes.rb
GemPort::Application.routes.draw do
resources :referrals do
resources :replies
member do
put "reply_to_referral"
end
end
devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
root :to => 'pages#home'
get 'about' => 'pages#about'
end
Migration for the Replies table
class CreateReplies < ActiveRecord::Migration
def change
create_table :replies do |t|
t.references :user
t.references :referral
t.timestamps
end
add_index :replies, :user_id
add_index :replies, :referral_id
end
end
code on the _referral.html.haml partial that is giving the error:
= link_to '<i class="icon-ok icon-large pull-right icon-grey" rel="tooltip" title="Reply"> Reply</i>'.html_safe, reply_to_referral_path(referral_id: referral.id, replier_id: current_user.id)
I know this must be simple to do in the controller, I tried using a helper but got nowhere
Add your routes and controller and we can give you a better answer, but I'm guessing that this isn't working since you're passing an email to the route.
Emails have full stops (.) which can break your route unless you add constraints to the route.
Try changing your route to something like:
resources :referrals do
member do
put "reply_to_referral" # will give you referrals/:id/reply_to_referral
end
end
Now change your link to reply_to_referral_path(id: referral.id, email: current_user.email), this should come out as /referrals/32/reply_to_referral?email=user@email.com
Then in referrals controller:
def reply_to_referral
@referral = Referral.find(params[:id])
@email = params[:email]
# now make sure your referral_replies table has a column called 'email' and
# also one called 'referral_id', then you can do:
@referral_reply = @referral.referral_replies.create(email: @email)
flash[:success] = "Referral reply sent."
redirect_to # wherever required
end
You could do something similar by adding a constraint to the route, or by passing in the user's id instead of email and then querying the database.
To style the button you can then check if the referral has any replies:
<% if referral.referral_replies.any? %>
# add a CSS class
<% end %>
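An added example (not from the original answer) of the last suggestion above: taking the replier from the signed-in user instead of from a `replier_id` or `email` request parameter, which any client can change. Plain Ruby stands in for the controller; the method names and the sample request are hypothetical and constructed.

```ruby
# Added example: plain Ruby, no Rails. Reply mirrors the replies table from the
# migration (user_id, referral_id); the method names are hypothetical.
Reply = Struct.new(:referral_id, :user_id)

# Before: the replier is whatever the request says, as with
# reply_to_referral_path(referral_id: referral.id, replier_id: current_user.id).
def reply_trusting_params(replies, _session_user_id, params)
  reply = Reply.new(params[:referral_id].to_i, params[:replier_id].to_i)
  replies << reply
  reply
end

# After: the replier is the signed-in user. A replier_id in the request is never
# used, and a value that disagrees with the session is flagged for logging.
def reply_from_session(replies, session_user_id, params)
  supplied = params[:replier_id]
  mismatch = !supplied.nil? && supplied.to_i != session_user_id
  reply = Reply.new(params[:id].to_i, session_user_id)
  replies << reply
  { reply: reply, identity_mismatch: mismatch }
end

# Per-user check for styling the button: has this user replied to this referral?
def replied_by?(replies, referral_id, user_id)
  replies.any? { |r| r.referral_id == referral_id && r.user_id == user_id }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: user 7 is signed in but the request carries replier_id=99.
  params = { id: "32", referral_id: "32", replier_id: "99" }
  p reply_trusting_params([], 7, params).user_id          # row attributed to the request value
  p reply_from_session([], 7, params)[:identity_mismatch] # row attributed to the session user
end
```

In a Rails controller the "after" form corresponds to building the reply with `current_user` and never reading the replier from `params`.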

User permissions in Rails app

My Rails app is a simple one where users can register and view jobs for a certain organization. I have set up Devise so that users must be authenticated before they can pursue certain actions like viewing jobs, posting jobs, etc. I currently have a job model and a user model. How would I go about setting permissions so that Users can create new posts and ONLY edit and delete the posts that THEY wrote?
Job.rb:
class Job < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :contact_email, :contact_phone, :description, :district, :due_date, :expiration_date, :job_title, :posting_date, :requirements, :salary, :submission_process
end
User.rb
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me
# attr_accessible :title, :body
end
Jobs_Controller.rb:
class JobsController < ApplicationController
before_filter :authenticate_user!, :except => [:show, :index]
# GET /jobs
# GET /jobs.json
def index
@jobs = Job.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: @jobs }
end
end
# GET /jobs/1
# GET /jobs/1.json
def show
@job = Job.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @job }
end
end
# GET /jobs/new
# GET /jobs/new.json
def new
@job = Job.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @job }
end
end
# GET /jobs/1/edit
def edit
@job = Job.find(params[:id])
end
# POST /jobs
# POST /jobs.json
def create
@job = Job.new(params[:job])
respond_to do |format|
if @job.save
format.html { redirect_to @job, notice: 'Job was successfully created.' }
format.json { render json: @job, status: :created, location: @job }
else
format.html { render action: "new" }
format.json { render json: @job.errors, status: :unprocessable_entity }
end
end
end
# PUT /jobs/1
# PUT /jobs/1.json
def update
@job = Job.find(params[:id])
respond_to do |format|
if @job.update_attributes(params[:job])
format.html { redirect_to @job, notice: 'Job was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @job.errors, status: :unprocessable_entity }
end
end
end
# DELETE /jobs/1
# DELETE /jobs/1.json
def destroy
@job = Job.find(params[:id])
@job.destroy
respond_to do |format|
format.html { redirect_to jobs_url }
format.json { head :no_content }
end
end
end
If you're intending to expand your system and add other roles for example admin, super admin, normal users, guests, ... etc then my advice to you is to have a look at the authentication gem of Ryan Bates which is named CanCan.
If the app is as simple as you mentioned in your answer, then you've to use the current_user method provided by the devise gem also, you've to set a relation between the job and the user. I guess it'll be a one-to-many relation (each user can have many jobs) this can be done by:
Create a new migration which adds a column to the jobs table, the column name should be user_id
Add has_many :jobs in the user model (user.rb)
Add belongs_to :user in the job model (job.rb)
In your controller the methods edit, update and destroy should be something like that
def update
@job = current_user.jobs.find(params[:id])
# the rest of the code is omitted
end
def destroy
@job = current_user.jobs.find(params[:id])
@job.destroy
# the rest of the code is omitted
end
def edit
@job = current_user.jobs.find(params[:id])
end
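The ownership scoping used in this answer, and in the earlier `set_product` fix, shown as an added example that is not code from the original posts. It uses plain-Ruby stand-ins instead of ActiveRecord so it runs without Rails; `Relation`, `RecordNotFound`, `destroy_unscoped`, `destroy_scoped` and the sample rows are hypothetical names and constructed data.

```ruby
# Added example: plain-Ruby stand-ins for ActiveRecord, runnable without Rails.
# Relation, RecordNotFound and the destroy_* methods are hypothetical names.

class RecordNotFound < StandardError; end

Job = Struct.new(:id, :user_id, :job_title)

# Stand-in for an ActiveRecord relation: `find` only sees rows inside the relation.
class Relation
  def initialize(table, owner_id = nil)
    @table = table
    @owner_id = owner_id
  end

  def records
    @owner_id ? @table.select { |row| row.user_id == @owner_id } : @table
  end

  def find(id)
    row = records.find { |r| r.id == id.to_i }
    raise RecordNotFound, "Couldn't find Job with id=#{id}" unless row
    row
  end
end

class User
  attr_reader :id

  def initialize(id, table)
    @id = id
    @table = table
  end

  # Stand-in for `has_many :jobs`: a relation limited to this user's rows.
  def jobs
    Relation.new(@table, @id)
  end
end

# Before (Job.find(params[:id])): the id alone selects the row, so any
# signed-in user can act on any job.
def destroy_unscoped(table, _current_user, params)
  job = Relation.new(table).find(params[:id])
  table.delete(job)
  :deleted
end

# After (current_user.jobs.find(params[:id])): a row owned by someone else is
# outside the relation, so the lookup raises and nothing is changed.
def destroy_scoped(table, current_user, params)
  job = current_user.jobs.find(params[:id])
  table.delete(job)
  :deleted
rescue RecordNotFound
  :not_found # Rails turns the uncaught exception into a 404 response
end

# Constructed sample rows: job 1 belongs to user 10, job 2 to user 20.
def constructed_jobs
  [Job.new(1, 10, "Teacher"), Job.new(2, 20, "Principal")]
end

if __FILE__ == $PROGRAM_NAME
  table = constructed_jobs
  bob = User.new(20, table)
  puts destroy_scoped(table, bob, { id: "1" })   # job 1 is not his row
  puts destroy_unscoped(table, bob, { id: "1" }) # same request, no scoping
  puts table.map(&:id).inspect
end
```

Because the scoped lookup answers "not found" rather than "forbidden", the response also does not reveal whether a given id exists for another user.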
There's a gem that can help you https://github.com/ryanb/cancan
There's also a screencast demonstrating how it works. http://railscasts.com/episodes/192-authorization-with-cancan
you can define with cancan what actions a determined user can execute.
