User pages how are they done

Should a user’s home page be invoked by a show then id => meaning
/show/id (of user)? When they log into the application? Because it
would be easy for another user to use /show/3 to access the page of
another user.

What’s the normal procedure when a user logs into your app to get to
his account page?

tyliong wrote:

Should a user’s home page be invoked by a show then id => meaning
/show/id (of user)? When they log into the application? Because it
would be easy for another user to use /show/3 to access the page of
another user.

What’s the normal procedure when a user logs into your app to get to
his account page?

It would be very easy, but that is why you do validation checking. For
example, in my controller I not only save a session variable with the
user’s id but I also have a before_filter that checks the users.id against
the session[:id] value; if they don’t match, the user gets kicked off or
sent back to a login page.

-S

You store the id of the logged-in user in the session.
Then on the personal show page you only use the id
stored in the session to access his/her data.

You can use singular resources for the user; then
you do not even need to use the id in the URL.

map.resource :user
instead of
map.resources :user

will allow for that.

Then in the controller:
@user = User.find(session[:user_id])
and all data related to the user only through associations (e.g. he has
orders):
@user.orders.each do |order|

That’s roughly how to use Rails to make sure
nobody can access data that’s not his own.
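
The approaches from the two replies above, side by side, as an added example that is not part of the original thread. It is plain Ruby with no Rails; User, Order, USERS, ORDERS and the controller-like methods are hypothetical stand-ins, and the records are constructed sample data.

```ruby
# Plain-Ruby stand-ins for the Rails pieces discussed above (all names hypothetical).
User  = Struct.new(:id, :name)
Order = Struct.new(:id, :user_id, :item)

USERS  = { 1 => User.new(1, "alice"), 3 => User.new(3, "bob") }  # constructed data
ORDERS = [Order.new(10, 1, "book"), Order.new(11, 3, "lamp")]    # constructed data

class Forbidden < StandardError; end
class NotFound  < StandardError; end

# Pattern the question worries about: the id is taken from the URL only,
# so /show/3 returns user 3 no matter who is logged in.
def show_by_url_id(params, _session)
  USERS.fetch(params[:id].to_i) { raise NotFound }
end

# First reply: keep the id in the URL, but a before_filter-style check
# rejects the request unless it matches the id stored in the session.
def show_with_filter(params, session)
  raise Forbidden unless session[:user_id] && params[:id].to_i == session[:user_id]
  USERS.fetch(session[:user_id]) { raise NotFound }
end

# Second reply: singular resource, the URL carries no id at all;
# the record is always looked up from the session.
def show_current_user(session)
  raise Forbidden unless session[:user_id]
  USERS.fetch(session[:user_id]) { raise NotFound }
end

# Related records are reached only through the logged-in user,
# mirroring @user.orders rather than a global Order lookup.
def show_order(params, session)
  user  = show_current_user(session)
  order = ORDERS.find { |o| o.user_id == user.id && o.id == params[:id].to_i }
  raise NotFound unless order
  order
end
```

Returning NotFound rather than Forbidden for another user's order keeps the response identical to that for an order id that does not exist.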

Thanks, I’ll try it out once I have the chance.

On Aug 26, 10:08 pm, Shandy N. [email protected]
