First of all, sorry for the confusing title. I don't really know how to explain what I want to do in one line.

I am creating a Rails website in which developers will be able to be listed and create profiles. In the profile page, users will be able to upload their projects into their portfolio. Then the customer(s) (whom the developer created this project for) will be able to submit a testimonial on that particular project. My goal is that only that customer will be able to submit an endorsement on the project added to the portfolio.

As I said, I only need the specific customer to be able to submit a testimonial, so what I thought is that the user will input the customer's email on a form and then the customer will receive an email with a dynamic link to the website for making the testimonial. This link should point to the testimonial's new action so that the customer will be able to submit the endorsement.

My issue right now is how do I do something like that in Rails? How will I create a dynamic link to point to the page that will render the testimonial form? Also, another idea is to just send (via email) a PIN code to the customer so he will just need to input the correct PIN in order for the endorsement to be created. I am also open to ideas. I like simple implementations, so if you have one in mind, please feel free to share :) Thanks
on 2014-01-24 00:18
on 2014-01-24 14:43
You could do this with a param in the URL, possibly the MD5 of the customer email. Then you can call some method to check it. Something like:

    = render "your_form" if portfolio_customer?(params[:customer])

then in the model:

    require "digest"

    # Compare the key from the URL with the digest of the customer's email on file.
    def portfolio_customer?(customer_key)
      customer_key == Digest::MD5.hexdigest(portfolio.customer_email)
    end

Matt
on 2014-01-24 15:07
You might consider having a link_to testimonials within a project view that would provide a list of prior responses related to that project and a link_to request_testimonial if none exists. You should keep all project customer information private to the customer / developer team and only allow the customer to release their email. Map out roles for admin, developer, customer, registered_user, and visiting_user and identify what each will be allowed to see and do. Go through an authentication step to separate the visiting_user from the others and then use authorization to bind the other roles to appropriate actions.
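As an added example (not code from the thread or from the poster's project), here is the dynamic-link design from the question in plain Ruby: each invitation gets a random, expiring, one-time token, and only its SHA-256 digest is stored, so a link cannot be reconstructed from a customer's email address or from a leaked database copy. The in-memory store, the `TestimonialInvitation` name and the one-week validity are assumptions; in a Rails app the same fields would live on a model and `redeem` would run in the `testimonials#new` controller action.

```ruby
# Added example, not from the thread: one-time, expiring invitation tokens
# for the emailed testimonial link. Plain Ruby; the in-memory store stands in
# for an ActiveRecord model with project_id, customer_email, token_digest,
# expires_at and used_at columns (names assumed).
require "securerandom"
require "digest"
require "time"

class TestimonialInvitation
  TOKEN_TTL = 7 * 24 * 60 * 60 # seconds; assumption: links are valid for a week
  attr_reader :project_id, :customer_email, :token_digest, :expires_at, :used_at
  @@store = {} # token_digest => invitation; stands in for the database table

  # Create an invitation and return [invitation, raw_token]. Only the digest of
  # the raw token is kept, so the stored row alone cannot be turned into a link.
  def self.issue(project_id:, customer_email:, now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    inv = new(project_id, customer_email, Digest::SHA256.hexdigest(raw), now + TOKEN_TTL)
    @@store[inv.token_digest] = inv
    [inv, raw]
  end

  # The link placed in the customer's email; the path is an assumption.
  def self.link_for(base_url, project_id, raw_token)
    "#{base_url}/projects/#{project_id}/testimonials/new?token=#{raw_token}"
  end

  # Controller-side check: hash the param, look it up, and enforce project
  # binding, expiry and single use. Returns the invitation or nil; the reason
  # for a failure is deliberately not distinguished to the caller.
  def self.redeem(raw_token, project_id:, now: Time.now)
    return nil if raw_token.nil? || raw_token.empty?
    inv = @@store[Digest::SHA256.hexdigest(raw_token)]
    return nil if inv.nil? || inv.project_id != project_id
    return nil if inv.used_at || now > inv.expires_at
    inv.mark_used(now)
    inv
  end

  def initialize(project_id, customer_email, token_digest, expires_at)
    @project_id, @customer_email = project_id, customer_email
    @token_digest, @expires_at, @used_at = token_digest, expires_at, nil
  end

  def mark_used(now)
    @used_at = now
  end
end
```

Because lookups go through the digest of the secret, the token never has to be compared against stored rows one by one, and a second click on the same link is rejected.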