In the case of this application the logged in user is only going to be
accessing his or her own resources (journals and measurements). So my
question is: What is the proper way to accommodate that in routing so
that /user/:user_id isn’t necessary and just going to /journals or /
journals/:id would ensure that I’m going to the the currently logged
in user’s journals or measurements? And in turn, what would be the
best way of making sure that users can’t type /journal/:id and see
another users record once that :user_id was trimmed off (they should
only be able to see their own).
I’ve never done this but I’ll give my 2 cents anyway:
With nested routes, you are always still looking for the user - you
fetch it in the Journals controller and that’s where you can evaluate
it. What you can do is fetch the current_user unless the current_user
is an admin or whatever
About the routes I’d like to know that… if you always fetch the
current_user it would be possible since you don’t pass the user_id in
the URL anymore, but admins and such wouldn’t be able to see another’s
journal.
Ramon - Fetching the current_user in the Journals controller doesn’t
solve the issue, unless I’m misunderstanding you. The current_user is
set to in instance variable called @user so @user.id would be equal
to :user_id within the route. When I call @journals I’m using the
relationship to grab the journals suchas @journals = @user.journal.
The question is really about the routing not about getting the user_id
in question. I’m trying to take advantage of the restful routes such
as user_journals_path and all that but without the need to have /
users/:user_id in the url.
Does anyone have any experience in doing something like this?
Another thought I had would be just being able to replace the /
users/:user_id with /profile
then there could be /profile/journals/2 or whatever… but profile
would be somehow mapped to the users controller passing the @user as
it’s default id… am I heading in any form of a sane direction?
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.