About this lesson
Understanding the "correct user" in Pins Controller.
Quick reference
Pins Controller Associations
In this video we'll define who the correct_user is in our pins_controller.rb file.
When to use
When we want to figure out if a user owns a pin, we need to test that they're the correct user. Let's create a correct_user method in our pins_controller.rb file!
Instructions
Define the correct_user method in your pins_controller.rb file (add this code just above the final end of the file):
    def correct_user
      @pin = current_user.pins.find_by(id: params[:id])
      redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
    end
Next: Update your new method in the pins controller to reference the current user:
    def new
      @pin = current_user.pins.build
    end
Next: Update your create method in the pins controller to reference the current user:
    def create
      @pin = current_user.pins.build(pin_params)
      if @pin.save
        redirect_to @pin, notice: 'Pin was successfully created.'
      else
        render action: 'new'
      end
    end
Next: Add name to the pin_params method of your pins_controller:
    def pin_params
      params.require(:pin).permit(:description, :name)
    end
Next: Use some embedded Ruby to output the user name to the pins show.html.erb file:
    <strong>Name:</strong>
    <%= @pin.user.name %>
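The ownership check from the steps above, modeled in plain Ruby so it runs without Rails or Devise (an added example, not the lesson's code). The OwnedPins class, the process dispatcher, the GUARDED action list and the sample rows are assumptions made for illustration; only correct_user mirrors the lesson.

```ruby
# Plain-Ruby model of the lesson's ownership check; runs without Rails.
Pin = Struct.new(:id, :user_id, :description)

# Constructed sample rows standing in for the pins table.
PINS = [
  Pin.new(1, 10, "Hello World"),
  Pin.new(2, 20, "Another user's pin")
].freeze

# Hypothetical stand-in for the current_user.pins association: every
# lookup is limited to rows whose user_id matches the signed-in user.
class OwnedPins
  def initialize(user_id)
    @user_id = user_id
  end

  def find_by(id:)
    PINS.find { |pin| pin.id == id.to_i && pin.user_id == @user_id }
  end
end

User = Struct.new(:id) do
  def pins
    OwnedPins.new(id)
  end
end

class PinsController
  GUARDED = %i[edit update destroy].freeze # assumed list of guarded actions

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  # Runs correct_user first for guarded actions, like a before_action.
  def process(action)
    if GUARDED.include?(action)
      correct_user
      return @redirect if @redirect
    else
      @pin = PINS.find { |pin| pin.id == @params[:id].to_i } # show: any pin
    end
    [:ok, action, @pin.description]
  end

  private

  # Same logic as the lesson: look the pin up through the owner's pins.
  def correct_user
    @pin = @current_user.pins.find_by(id: @params[:id])
    @redirect = [:redirect, "Not authorized to edit this pin"] if @pin.nil?
  end
end
```

Because the lookup goes through the signed-in user's own pins, an id that belongs to another user and an id that does not exist both come back nil and produce the same redirect.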
Hints & tips
- Define your correct_user in your pins_controller.rb file
- Notice the correct_user method references the current_user
- The current_user is a Devise function (read about it in the Devise documentation)
- Be sure to reference the current_user in your other pins_controller methods (new and create)
- Add name to your pin_params method
- 00:05 In this video we're gonna define who the correct user is and
- 00:08 do some finishing up things to associate our pins and our users.
- 00:11 We have this correct user we have to define this.
- 00:13 So let's come down here to the end and let's just create a new method and
- 00:19 we're gonna call it correct_user because that's what we named it here.
- 00:25 And a correct_user is the current user defined by those
- 00:29 IDs that we created earlier in our schema file.
- 00:34 If we go back to our database, schema file,
- 00:37 remember we created this user_id field?
- 00:39 We're sort of calling on that now in our pins controller and if the current
- 00:44 user, the person that's currently logged in, is not associated by id then
- 00:49 it will throw up this error that says, you are not authorized to edit this pin.
- 00:54 So it might be a little bit complicated.
- 00:56 And I'll put this code in the resource section, you can just download it and
- 00:59 paste it in.
- 00:59 You don't really need to know exactly what it is, but that's sort of what it is.
- 01:02 We just need to find out if the current user is the correct user.
- 01:05 I'm gonna take this out.
- 01:07 So we're almost done now.
- 01:08 We need to go through here and
- 01:10 add a couple of edits to some of these different methods.
- 01:13 Since we're dealing with the current user and the current user is defined by Devise.
- 01:18 If you actually go back to your Devise documentation,
- 01:21 you can see this current_user thing and you can read about it there.
- 01:26 But since we're using a current user, we need to make some changes to some of
- 01:29 these methods and we'll start out with the, let's see, new method, where is that?
- 01:33 Index, show new, we need to change it from this to this, to add this current thing.
- 01:38 Next, we need to change our create method and just gonna pull out all of this.
- 01:42 Just paste in this to deal with this current user stuff and
- 01:46 I'll put all of this code in the research section so you can copy and paste it.
- 01:51 Again, you don't really need to know what all of this stuff is, not a huge deal.
- 01:55 And the last thing we need to do is let's scroll down here and
- 01:58 look at our pin params.
- 02:00 We need to add another parameter.
- 02:01 Right now, it's just looking at description.
- 02:04 So our pin description, right?
- 02:06 We also need to allow it to look at name.
- 02:10 And that name, if we look at our schema file, that's just this name right here.
- 02:13 So every user has a name,
- 02:15 if we want to show the names on the pins, we need to allow that.
- 02:19 And that's what this field is.
- 02:20 It lets you know what things you will allow on the page,
- 02:24 a little bit complicated.
- 02:25 So we've got description and name, and so we're good to go if we save this file.
- 02:29 The last thing we need to do is see if this works, so
- 02:31 let's do that by, let's close some of these.
- 02:34 Let's go to our app, views, pins and our show page and let's make a quick change.
- 02:42 So now when we show a pin, it just shows the description.
- 02:45 So I'm gonna add another field and let's add name.
- 02:52 And to add out the name, we use this line.
- 02:56 Look at this earlier one, to output the description under the screen,
- 03:00 we do this @pin.description.
- 03:02 To output the name, we do @pin.user.name because we're pulling it
- 03:07 from the user table and in the user table we're pulling out the name.
- 03:12 So save this, go back to our app and let's hit reload.
- 03:16 Actually, I'm just gonna hit New Pin.
- 03:20 Call this Hello World, submit.
- 03:22 And look, there it is, John Elder.
- 03:25 If we go back to our List Pins and hit the Show button, boom, name John Elder.
- 03:30 So it looks like everything we did worked.
- 03:33 Our pins are now associated with users, we can output the name of the user with
- 03:38 each pin and the last test is to logout and List Pins and let's try and edit this.
- 03:44 Nope, can't edit it.
- 03:45 Let's try and destroy it.
- 03:47 Nope, can't destroy it.
- 03:49 Let's sign up as a new user.
- 03:51 Call it ME, me@me.com, hello, hello.
- 03:57 Okay, so let's sign up as a new user.
- 03:59 Password is too short, okay.
- 04:01 Password, password.
- 04:06 Okay, so now if we try and edit, nope not authorized to edit.
- 04:08 Now if we try to destroy it as a different user.
- 04:14 Did not work, awesome.
- 04:16 So that means, go ahead and cancel this account.
- 04:19 Actually, let's log in as our old user just to make sure.
- 04:23 Now, list pins, try and edit this, yes.
- 04:27 Yes, so that worked, try and destroy it, awesome.
- 04:31 So everything is working the way it's supposed to.
- 04:33 And whoo that was a lot of work but we got through it.
- 04:36 It wasn't too bad, and
- 04:37 this is definitely one of the most complicated sections of the whole course.
- 04:41 So yeah, that's all for this video.