Vince Gilbert
2009-Mar-24 02:07 UTC
Linking a model to a specific user - RESTful Authentication
Hi,

I am having a really tough time figuring this out. I followed the tutorial below to add a RESTful authentication to a Ruby application that tracks projects (just a title and a url). The tutorial is for a blog, but I just changed blog to projects

http://ruby.about.com/od/rubyonrails/ss/railsblog3.htm

My main table of projects is:

    projects
    -------
    ID: integer
    Title: string
    Url: string

The RESTful Authentication plugin adds:

    user
    ------
    ID: integer
    login: varchar
    password:varchar
    ....

and a sessions controller.

I would like the application to show the user a list of the projects that belong to them when they go to the projects index action. However, I have no idea how to link the user ID to a particular project and then list their projects based on whether they are the appropriately logged in user.

I figure that when a new project is created, the create method could add the user ID to the project in another column. And then, when the list/show action is called for the projects, only the appropriate projects will show.

Here is the projects controller. Can anyone help me with this? I'm in over my head. Thanks, Vince.

    class ProjectsController < ApplicationController
      before_filter :login_required

      # GET /projects
      # GET /projects.xml
      def index
        @projects = Project.find(:all)
        respond_to do |format|
          format.html # index.html.erb
          format.xml  { render :xml => @projects }
        end
      end

      # GET /projects/1
      # GET /projects/1.xml
      def show
        @project = Project.find(params[:id])

        respond_to do |format|
          format.html # show.html.erb
          format.xml  { render :xml => @project }
        end
      end

      # GET /projects/new
      # GET /projects/new.xml
      def new
        @project = Project.new
        respond_to do |format|
          format.html # new.html.erb
          format.xml  { render :xml => @project }
        end
      end

      # GET /projects/1/edit
      def edit
        @project = Project.find(params[:id])
      end

      # POST /projects
      # POST /projects.xml
      def create
        @project = Project.new(params[:project])
        #@project.clientID = @session['user'].id
        respond_to do |format|
          if @project.save
            flash[:notice] = 'Project was successfully created.'
            format.html { redirect_to(@project) }
            format.xml  { render :xml => @project, :status => :created, :location => @project }
          else
            format.html { render :action => "new" }
            format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
          end
        end
      end

      # PUT /projects/1
      # PUT /projects/1.xml
      def update
        @project = Project.find(params[:id])

        respond_to do |format|
          if @project.update_attributes(params[:project])
            flash[:notice] = 'Project was successfully updated.'
            format.html { redirect_to(@project) }
            format.xml  { head :ok }
          else
            format.html { render :action => "edit" }
            format.xml  { render :xml => @project.errors, :status => :unprocessable_entity }
          end
        end
      end

      # DELETE /projects/1
      # DELETE /projects/1.xml
      def destroy
        @project = Project.find(params[:id])
        @project.destroy

        respond_to do |format|
          format.html { redirect_to(projects_url) }
          format.xml  { head :ok }
        end
      end
    end

-- Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Vince Gilbert
2009-Mar-24 02:10 UTC
Re: Linking a model to a specific user - RESTful Authentication
I thought I would include the sessions controller too, just in case it helps:

    # This controller handles the login/logout function of the site.
    class SessionsController < ApplicationController
      # Be sure to include AuthenticationSystem in Application Controller instead

      # render new.rhtml
      def new
      end

      # render logout.rhtml
      def logout
      end

      def create
        self.current_user = User.authenticate(params[:login], params[:password])
        if logged_in?
          if params[:remember_me] == "1"
            current_user.remember_me unless current_user.remember_token?
            cookies[:auth_token] = { :value => self.current_user.remember_token,
                                     :expires => self.current_user.remember_token_expires_at }
          end
          redirect_back_or_default('/')
          flash[:notice] = "Logged in successfully"
        else
          render :action => 'new'
        end
      end

      def destroy
        self.current_user.forget_me if logged_in?
        cookies.delete :auth_token
        reset_session
        flash[:notice] = "You have been logged out."
        redirect_back_or_default('/')
      end
    end

-- Posted via http://www.ruby-forum.com/.
Mark Mr
2009-Mar-24 20:56 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Make a field in your project model called user_id. Then in the Project.rb file put

    belongs_to :user

And in the User model

    has_many :projects

Then when you create a project, set user_id = current_user.id. Finally to display them simply use user.projects

Hope this helped.

-- Posted via http://www.ruby-forum.com/.
Vince Gilbert
2009-Mar-25 01:27 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Thank you very much for the help. I am starting to build a schema in my brain as to how some of this works.

I have a small problem with the last instruction. How do I use the "user.projects" in the index method below:

Thank you again - much appreciated.

    # GET /posts
    # GET /posts.xml
    def index
      @posts = Post.find(:all, :order => 'created_at DESC')
      respond_to do |format|
        format.html # index.html.erb
        format.xml  { render :xml => @posts }
      end
    end

Mark Mr wrote:
> Finally
> to display them simply use user.projects
>
> Hope this helped.

-- Posted via http://www.ruby-forum.com/.
Vince Gilbert
2009-Mar-25 02:58 UTC
Re: Linking a model to a specific user - RESTful Authenticat
OK - I managed to figure it out myself using:

    user_id = current_user.id
    @posts = Post.find_all_by_user_id(user_id)

That works great for the index method. Where I'm having trouble now is the Show method. As it stands, clicking on the title of one of the projects calls the Show method like

http://localhost:3000/projects/1

The problem is, if the user types manually into the address bar, they could call up whichever project id they want.

Can someone give me a hand with the show method. I'm thinking that an If statement checking to see if the project.user_id for the project.id in the parameter match. If not, redirect. If so, then go ahead and show the project record. I'm not sure of syntax:

    def show
      user_id = current_user.id
      If user_id = :id then
        @post = Post.find(params[:id])
        respond_to do |format|
          format.html # show.html.erb
          format.xml  { render :xml => @post }
        end
      Else
        redirect_back_or_default('/projects')
      end if
    end

Vince Gilbert wrote:
> Thank you very much for the help. I am starting to build a schema in my
> brain as to how some of this works.
>
> I have a small problem with the last instruction. How do I use the
> "user.projects" in the index method below:
>
> Thank you again - much appreciated.
>
> # GET /posts
> # GET /posts.xml
> def index
>   @posts = Post.find(:all, :order => 'created_at DESC')
>   respond_to do |format|
>     format.html # index.html.erb
>     format.xml  { render :xml => @posts }
>   end
> end
>
> Mark Mr wrote:
>> Finally
>> to display them simply use user.projects
>>
>> Hope this helped.

-- Posted via http://www.ruby-forum.com/.
Mark Mr
2009-Mar-25 13:58 UTC
Re: Linking a model to a specific user - RESTful Authenticat
I'd recommend trying out the restful ACL plugin.
http://www.railslodge.com/plugins/966-restful-acl

This is an effective way to set permissions for your project and is good to use in general. In this case, you could simply put in your Post model:

    def is_readable_by(user, parent = nil)
      self.user.eql?(user)
    end

This example is assuming you have belongs_to :user in your Post model. It takes a little while to learn but once you do it should be easy. I put this in all my models.

-- Posted via http://www.ruby-forum.com/.
Vince Gilbert
2009-Mar-25 14:47 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Hello Mark, thank you for your suggestion. I gather that the RESTful ACL plugin is meant to be used instead of RESTful Authentication Plugin that I am currently using?

Vince

Mark Mr wrote:
> I'd recommend trying out the restful ACL plugin.
> http://www.railslodge.com/plugins/966-restful-acl
>
> This is an effective way to set permissions for your project and is good
> to use in general. In this case, you could simply put in your Post
> model:
>
> def is_readable_by(user, parent = nil)
>   self.user.eql?(user)
> end
>
> This example is assuming you have belongs_to :user in your Post model.
> It takes a little while to learn but once you do it should be easy. I
> put this in all my models.

-- Posted via http://www.ruby-forum.com/.
Mark Mr
2009-Mar-25 16:21 UTC
Re: Linking a model to a specific user - RESTful Authenticat
No you should use both. Restful authentication creates users and ACL tells the program what parts of the website those users (or non-users) can access. The ACL is really simple, it's just a matter of putting those ACL functions in each model.

-- Posted via http://www.ruby-forum.com/.
Cisco Ri
2009-Apr-23 12:47 UTC
Re: Linking a model to a specific user - RESTful Authenticat
I am creating a similar application using restful authentication. Here is my schema -- do I need to add a user_id column to my user table?

    create_table "links", :force => true do |t|
      t.string   "url"
      t.string   "title"
      t.integer  "user_id"
      t.datetime "created_at"
      t.datetime "updated_at"
    end

    create_table "users", :force => true do |t|
      t.string   "name",                      :limit => 100, :default => ""
      t.string   "email",                     :limit => 100
      t.string   "crypted_password",          :limit => 40
      t.string   "salt",                      :limit => 40
      t.datetime "created_at"
      t.datetime "updated_at"
      t.string   "remember_token",            :limit => 40
      t.datetime "remember_token_expires_at"
    end

-- Posted via http://www.ruby-forum.com/.
Ar Chron
2009-Apr-23 17:08 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Umm... no.

Table 'users' already has an implicit 'id' field (you don't have to mention them in your migrations), just like your 'links' table does. If you are sticking to the rails standard, you needn't declare them, they are the rails default primary key for their respective tables.

In your 'links' table, a 'user_id' field tells rails that:

a) this field, 'user_id', contains an id to a record in another table - i.e., this record "belongs to" that record in that table over there,

and that

b) the related table is 'users' (field name - '_id', pluralized).

-- Posted via http://www.ruby-forum.com/.
Cisco Ri
2009-Apr-23 18:52 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Ar Chron wrote:
> Umm... no.
>
> Table 'users' already has an implicit 'id' field (you don't have to
> mention them in your migrations), just like your 'links' table does. If
> you are sticking to the rails standard, you needn't declare them, they
> are the rails default primary key for their respective tables.
>
> In your 'links' table, a 'user_id' field tells rails that:
>
> a) this field, 'user_id', contains an id to a record in another table -
> i.e., this record "belongs to" that record in that table over there,
>
> and that
>
> b) the related table is 'users' (field name - '_id', pluralized).

Thanks for letting me know. In links/new, how would I go about including the current user_id? The only way I know of would be a hidden form element, and I would like to keep it all server side.

-- Posted via http://www.ruby-forum.com/.
Vince Gilbert
2009-Apr-23 19:12 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Cisco Ri wrote:
> Ar Chron wrote:
>> Umm... no.
>>
>> Table 'users' already has an implicit 'id' field (you don't have to
>> mention them in your migrations), just like your 'links' table does. If
>> you are sticking to the rails standard, you needn't declare them, they
>> are the rails default primary key for their respective tables.
>>
>> In your 'links' table, a 'user_id' field tells rails that:
>>
>> a) this field, 'user_id', contains an id to a record in another table -
>> i.e., this record "belongs to" that record in that table over there,
>>
>> and that
>>
>> b) the related table is 'users' (field name - '_id', pluralized).
>
> Thanks for letting me know. In links/new, how would I go about
> including the current user_id? The only way I know of would be a hidden
> form element, and I would like to keep it all server side.

Hi Cisco,

I will post my solution later tonight. I'm at work so I don't have access.

-- Posted via http://www.ruby-forum.com/.
Cisco Ri
2009-Apr-23 19:19 UTC
Re: Linking a model to a specific user - RESTful Authenticat
> Hi Cisco,
>
> I will post my solution later tonight. I'm at work so I don't have
> access.

Awesome, thanks a bunch.

-- Posted via http://www.ruby-forum.com/.
Ar Chron
2009-Apr-23 20:08 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Cisco Ri wrote:
>
> Thanks for letting me know. In links/new, how would I go about
> including the current user_id? The only way I know of would be a hidden
> form element, and I would like to keep it all server side.

Restful Authentication has the notion of current_user, does it not? Check in the authenticated_system.rb file in lib for a peek at some methods you have available to you.

There's no need to know the current_user's id in the links controller's new action, that just needs to manufacture an @link for the new.html.erb form.

You will need it for the create action in the links controller though. Something like:

    def create
      @link = Link.new(params[:link])
      if logged_in?
        @link.user_id = current_user.id
        if @link.save
          redirect_to(@link)
        else
          render :action => 'new'
        end
      else
        # redirect to your login page?
        # I'd actually defend this method with a before_filter, and get
        # rid of this if logged_in? stuff
      end
    end

-- Posted via http://www.ruby-forum.com/.
Aaron Brown
2009-Apr-23 20:47 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Ar Chron wrote:
> There's no need to know the current_user's id in the links controller's
> new action, that just needs to manufacture an @link for the new.html.erb
> form.
>
> You will need it for the create action in the links controller though.
> Something like:

You can do it a little more simply with the "build" helper, provided there's a has/belongs_to relationship between the user and the link.

    @link = current_user.links.build(params[:link])

...will automatically set the user_id field by virtue of the association.

- Aaron
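
An added example, not part of any post in this thread: it contrasts the unscoped lookup from the original show action, Project.find(params[:id]), with a lookup through the owner's association in the style of current_user.projects.find(params[:id]), and creates a record whose owner comes from the session rather than the form. It uses plain-Ruby stand-ins so it runs without Rails; ProjectStore, OwnedProjects and show_project are constructed names, not Rails or plugin APIs.

```ruby
# Added example: plain-Ruby stand-ins for the ActiveRecord pieces discussed
# in this thread. Every class and method name below is constructed.
class RecordNotFound < StandardError; end

Project = Struct.new(:id, :user_id, :title, :url)

# Stand-in for the projects table.
class ProjectStore
  def initialize
    @rows = {}
    @next_id = 1
  end

  # Unscoped lookup, like Project.find(params[:id]): any id works for anyone.
  def find(id)
    @rows.fetch(Integer(id)) { raise RecordNotFound, "no project #{id}" }
  end

  def insert(user_id, attrs)
    row = Project.new(@next_id, user_id, attrs[:title], attrs[:url])
    @rows[row.id] = row
    @next_id += 1
    row
  end

  def where_user(user_id)
    @rows.values.select { |p| p.user_id == user_id }
  end
end

# Stand-in for current_user.projects: every operation is tied to one owner.
class OwnedProjects
  def initialize(store, user_id)
    @store = store
    @user_id = user_id
  end

  def all
    @store.where_user(@user_id)
  end

  # Like current_user.projects.find(params[:id]): another user's record is
  # reported exactly like a missing one, so ids cannot be probed.
  def find(id)
    row = @store.find(id)
    raise RecordNotFound, "no project #{id}" unless row.user_id == @user_id
    row
  end

  # Like current_user.projects.build(...) followed by save: the owner comes
  # from the session, and a submitted :user_id field is ignored.
  def create(params)
    @store.insert(@user_id, title: params[:title], url: params[:url])
  end
end

# Controller-style action: returns [status, body] instead of rendering.
def show_project(scope, params)
  [200, scope.find(params[:id]).title]
rescue RecordNotFound, ArgumentError, TypeError
  [404, nil]
end
```

Passing the bare store to show_project reproduces the behaviour of the original show action, where typing another id into the address bar returns that record; passing an OwnedProjects scope returns 404 for the same request.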
Cisco Ri
2009-Apr-24 07:29 UTC
Re: Linking a model to a specific user - RESTful Authenticat
Thanks a bunch everyone, it's working beautifully.

-- Posted via http://www.ruby-forum.com/.