[Need advice] Dynamic URL pointing at controller's action

First of all, sorry for the confusing title. I don't really know how to
explain what I want to do in one line.

I am creating a Rails website in which Developers will be able to be
listed and create profiles. In the profile page, users will be able to
upload their projects into their portfolio. Then the customer(s) (whom
the developer created this project for) will be able to submit a
testimonial on that particular project.

My goal is that only that customer will be able to submit an endorsement
on the project added to the portfolio.

As I said, I only need the specific customer to be able to submit a
testimonial so what I thought is that the user will input the customer's
email on a form and then the customer will receive an email with a
dynamic link to the website for making the testimonial. This link should
point to testimonial's new action so that the customer will be able to
submit the endorsement.

My issue right now is how do I do something like that in Rails? How will
I create a dynamic link to point to the page that will render
testimonial form?

Also another idea is to just send (via email) a PIN code to the customer
so he will just need to input the correct PIN in order that the
endorsement will be created.

I am also open to ideas. I like simple implementations so if you have
one in mind, please feel free to share 🙂


You could do this with a param in the url… possibly MD5 the customer email. Then you can call some method to check it. Something like

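```haml
-# Render the testimonial form only when the key in the URL matches
= render "your_form" if portfolio_customer?(params[:customer])
```

```ruby
# then in the model.
require "digest"

# True when the key from the URL equals the MD5 of the stored customer email
def portfolio_customer?(customer_key)
  customer_key == Digest::MD5.hexdigest(portfolio.customer_email)
end
```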


You might consider having a link_to testimonials within a project view that would provide a list of prior responses related to that project and a link_to request_testimonial if none exists. You should keep all project customer information private to the customer / developer team and only allow the customer to release their email.

Map out roles for admin, developer, customer, registered_user, and visiting_user and identify what each will be allowed to see and do. Go through an authentication step to separate the visiting_user from the others and then use authorization to bind the other roles to appropriate actions.
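
The emailed-link approach discussed in this thread, as an added example that is not part of any post above: an MD5 of the customer's email can be computed by anyone who knows that address, so this sketch issues a random single-use token instead and stores only its SHA-256 digest. The class name, the seven-day lifetime, the in-memory storage and the route path are assumptions for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for a testimonial_invites table.
class TestimonialInvite
  TTL = 7 * 24 * 3600 # assumed validity window, in seconds

  attr_reader :project_id, :token_digest, :expires_at, :used_at

  # Returns [invite, raw_token]; only the raw token goes into the email.
  def self.issue(project_id, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    [new(project_id, Digest::SHA256.hexdigest(raw), now + TTL), raw]
  end

  def initialize(project_id, token_digest, expires_at)
    @project_id = project_id
    @token_digest = token_digest
    @expires_at = expires_at
    @used_at = nil
  end

  # True only for the right token, before expiry, and not yet redeemed.
  def valid_for?(raw_token, now: Time.now)
    return false if raw_token.nil? || @used_at || now >= @expires_at
    secure_equal?(@token_digest, Digest::SHA256.hexdigest(raw_token.to_s))
  end

  # Marks the invite as used so the link cannot submit a second testimonial.
  def redeem!(raw_token, now: Time.now)
    return false unless valid_for?(raw_token, now: now)
    @used_at = now
    true
  end

  private

  # Constant-time comparison of two hex digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed usage: the path below is a hypothetical route.
invite, token = TestimonialInvite.issue(42)
link = "/projects/#{invite.project_id}/testimonials/new?token=#{token}"
```

In a Rails app the digest, expiry and used-at columns would live on a database record, and the testimonial's create action would call the redeem step before saving.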