I’m new to rails and I’m having problems figuring out how to limit the
ability to for 1 user to see the records that another user creates. I
have Users and Children and I want to make it so a User with user_id
of 1 who creates children_id of 8,9 can only see children 8,9. I also
want to make it so User_id 2 cannot see user_id 1 or children 8 and 9.
I am using restful_authentication.
The simplest thing to do is create a relationship between the record
and the user. If you object/record was product then:
class Product
belongs_to :user
end
class User
has_many :products
end
then in your Product controller always access products via the user:
def index
current_user.products
end
def new
current_user.products.build
end
def create
current_user.products.build(params[:products])
end
etc…
HTH,
Nicholas
One thing. I looked at the example you send and was wondering if this
will prevent other users from viewing the products created by other
users? That is what I am trying to do. I will test you code ASAP.
To clarify…
def create
current_user.products.build(params[:products])
end
should have been
def create
current_user.products.build(params[:products])
… # etc
end
Nick,
WOW! Thanks for the quick reply. I have created the relationship and I
will change my controllers to reflect your suggestion. Thanks a bunch
for the help.
Yes it will, just use the scope when finding a record. Continuing from
my previous example:
def show
@product = current_user.products.find(params[:id])
end
Sent from my iPhone
Thanks so much for the help. This worked perfectly. Sorry for the late
response.