I know that it is better to have codes when asking questions here, but I have none, which is kind of why I am asking.
I want to make a to-do list for my friends and family, I learned from the Agile Development With Rails to make an administrator login. But I don't seem to be able to figure out how to create users each of which is restricted to view his or her own pages within the application.
Is there any tutorials/book on this?
Thank You
Slightly open ended question, but if you're asking what I think you are then typically you just let the association methods do the work for you. Eg if User has_many :foos then instead of using Foo.find :all, use some_user.foos.find :all, which guarantees that you will only ever get things belonging to that user (it behaves like a regular find apart from that, so you can pass conditions, a specific id etc...)
Fred
For more on that line of thought...
http://www.therailsway.com/reference http://jamesgolick.com/2008/2/11/an-introduction-to-association-proxy
-- gw
Hi
I will just explain u with simple basic logic..When u want to restrict the page or make something available to the related user only u can easily give user restriction..
each and every user have their own id..So first u can fetch the id of the user that has logged in and after that u can check in the user table whose id is that..
once u have completed that work u just need to fire a query which will display all the tast where user = to the current user who has logged in..
this is the simple login which can be easily translated into code..even with the basic rails knowlege
Thanks
Dhaval Parikh Software Engineer www.railshouse.com sales(AT)railshouse(DOT)com
My most sincere thanks to you all.
All GREAT!. And they will serve me to unveil the eventual codes that will get me to the target functionality.
I have thought about the limiting all tasks found according to the logged-in user ID, hence @errands = Errand.find(:all, :condition =>'user_id =?','logged_in_id')
But is this better(?): @errands = User(logged_in_id).errands?
I mean, they fetch the same errands, but security-wise, which would you prefer and if it is not too much trouble, why?
Hope you had a nice weekend! And really, thanks so much for writing back! If you're in Berlin, let me buy you a bier.
All my best,
I have thought about the limiting all tasks found according to the logged-in user ID, hence @errands = Errand.find(:all, :condition =>'user_id =?','logged_in_id')
But is this better(?): @errands = User(logged_in_id).errands?
you mean
@errands = User.find(logged_in_id).errands?
which is the better one. Only that most people would either use a plugin for the login stuff or at least put that in helpers and before_filters
something like:
def current_login @current_login ||= Login.find(session[:login]) if session[:login] end
in application.rb
then current_login.errands
or whatever you look for. From security view it's all the same, as long as you make sure only to list errands that have the user_id of the logged in user (And this must be the one stored in the session after authentication, no id that comes from the browser) The association like thing current_login.errands is just more Ruby like and better to read.
Thanks for your help Thorsten, -- I was on a 25 hour day schedule and put off this until today. --- I used the "login system" provided as an example in the book Agile Web Development with Rails. I think it works okay so far.
May I ask one more (tougher) question?
Well, my co-worker and I were to work on this Macro for the office, so I added a task in my own account, but it 'd be great if she can see it, too, in her account. So it's sort of like collaborating, but of course, this is just a piece of read-only information to 'collaborate' on. So now, I have this One User Can Have Many Tasks, AND One Task Can Belong To Multiple Users thing. Is there an easy way to pull this off?
Thank You ! Merci! Danke! Nik
Sure, that's a has_and_belongs_to_many thing then. This can be done two ways. The simple one (needs no model): create a relation table named users_tasks which contains user_id and task_id
Users model: has_and_belongs_to_many :tasks
Tasks model: has_and_belongs_to_many :users
Then you can use all the common functions @user.tasks << Task.new(...params...) @user.tasks.each do |task|... and so on
Disadvantage of this approach is, that you can't store more information in the intermediate table and can't access it in other ways, since it has no model of it's own. Lots of Rails programmers (if not most) go another way, slightly more work to setup, but with more options:
Create a model name UserTasks (columns: id, user_id, :task_id and whatever information you may need), then User model: has_many :user_tasks has_many :tasks :through :user_tasks
Task: has_many :user_tasks has_many :users :through :user_tasks
UserTasks: belongs_to :user belongs_to :task
The tricky part (ok, not so tricky) is the through option which defines relations over the intermediate table, so in the end you can again do @user.tasks and get them all