[Rails] Re: Handling id for social networking site

Saurabh Peshkar wrote:
> Hi All,
>
> I want to handle the id parameter for social networking site
>
> For example:
>
> If the user logins to the site having id=1, he can show his profile as
>
> http://localhost:3000/users/1
> http://localhost:3000/users/1/edit for editing
>
> Scenario is that the logged in user having id=1 is able to see the and
> edit the profile details of another user say id=2 just by changing the
> url.
>
> http://localhost:3000/users/2
> http://localhost:3000/users/2/edit for editing
>
> Continuing the same user having id=1 is also be able to copy and paste
> any url of user id=2 but some urls can only be accessed by user id=2
>
> Problem:
> One user must not able to access another user details, Please let me
> know how to handle url parameters.
>
> Thanks in advance,
> Saurabh

Assuming you have a current_user method, or something similar-

#in users controller
before_filter :user_is_current_user

def user_is_current_user
redirect_to :action => "index" unless current_user.id ==
params[:id].to_i
end

Something like that anyway. This will make it so that a user can only
be edited, created, updated or viewed by themselves. If you wanted to
change it so that admin users could edit others details you could change
it like

def user_is_current_user
redirect_to :action => "index" unless current_user.admin? ||
current_user.id == params[:id].to_i
end
--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---