Rails: Current user should only be able to view their own users#show page (Devise)?
Question
Is there a way to allow a user to only view their own profile page (users#show)? So when someone with an id of say 1 tries to go to the www.myapp.com/users/ 412 url, he will be re-directed to the root page? He can only access www.myapp.com/users/ 1 .
I am using devise and this is what I've tried. However with this code strangely enough, the current user cannot access his own page.
users_controller.rb
class UsersController < ApplicationController
before_action :authenticate_user!
before_action :only_see_own_page, only: [:show]
def show
#some ruby code here
end
private
def only_see_own_page
if current_user.id != params[:id]
redirect_to root_path, notice: "Sorry, but you are only allowed to view your own profile page."
end
end
end
**routes.rb*
resources :users, only: [:show]
1 answers
solution1
1 2017-01-10 20:29:46
Argh, it was that easy... This is what worked for me:
def only_see_own_page
@user = User.find(params[:id])
if current_user != @user
redirect_to root_path, notice: "Sorry, but you are only allowed to view your own profile page."
end
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Editing Devise From Users#show view
Rails & Devise: destroy_user_session_path going to Users#Show?
Route user to users#show after devise password change
Allowing current_user to email @user from users#show/
Ruby on Rails - show_user_path NoMethodError in Users#show
NameError in Users#show - Rails
Rails: NoMethodError in Users#show
using devise with separate user profile (users#show) and profile_update (users#update), routing issue?
ActiveRecord::SubclassNotFound in Users#show - debugging in rails?
NoMethodError in Users#show (Ruby Rails)
Related Tags