Hello,I am quite new on rails. Currently making CRUD apps in rails 3.0
in windows.
I've used devise [1.1.rc0] for authentication.In those apps any logged
in user can change other user's details.

How can I design the app, so that any logged in user can edit/remove
his details only if he wishes to do so and can only view others'
records.

After logging in he should be directed to his own page,where his
details are stored.He can only Update and Delete any of his details
there.But can only View the main page where his record will be kept
with other records.He should be able to remove or edit others'
records.


Thanks,

Pallav

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Search Discussions

  • Robert Walker at Feb 7, 2012 at 9:55 pm

    Pallav_bfs wrote in post #1044557:
    Hello,I am quite new on rails. Currently making CRUD apps in rails 3.0
    in windows.
    I've used devise [1.1.rc0] for authentication.In those apps any logged
    in user can change other user's details.

    How can I design the app, so that any logged in user can edit/remove
    his details only if he wishes to do so and can only view others'
    records.

    After logging in he should be directed to his own page,where his
    details are stored.He can only Update and Delete any of his details
    there.But can only View the main page where his record will be kept
    with other records.He should be able to remove or edit others'
    records.
    Take a look at one of the authorization frameworks such as CanCan:

    https://github.com/ryanb/cancan

    --
    Posted via http://www.ruby-forum.com/.

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
  • Dave Aronson at Feb 9, 2012 at 9:09 pm

    On Tue, Feb 7, 2012 at 11:15, Pallav_bfs wrote:

    How can I design the app, so that any logged in user can edit/remove
    his details only if he wishes to do so and can only view others'
    records.
    In addition to using authorization gems like CanCan, you can also do
    these things yourself. Before each action in each controller, get the
    current user. Before any action that would modify, or show in such a
    way as to allow modifying, any records, check if the current user is
    the owner of those records. If not, redirect to an error page. Also
    don't give him any *links* to such things! For instance, on the pages
    where he can *view* other people's records, don't put an "Edit" link.

    -Dave

    --
    Dave Aronson:  Available Cleared Ruby on Rails Freelancer
    (NoVa/DC/Remote) -- see www.DaveAronson.com, and blogs at
    www.Codosaur.us, www.Dare2XL.com, www.RecruitingRants.com

    --
    You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
    To post to this group, send email to rubyonrails-talk@googlegroups.com.
    To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouprubyonrails-talk @
categoriesrubyonrails
postedFeb 7, '12 at 4:15p
activeFeb 9, '12 at 9:09p
posts3
users3
websiterubyonrails.org
irc#RubyOnRails

People

Translate

site design / logo © 2022 Grokbase