gurupal singh
I am creating an application where a user will log in to their account (using the devise gem for authentication) and add their personal details/upload documents, and obviously every user has their own personal account/identity. In addition, I want to hide the "new link" in the index.html.erb file.
Later on I will add an Admin Backend (using the active admin gem), and only the admin can see all the documents/details and can download them.
Here is my code for testing:
post_controller.rb
```ruby
class PostsController < ApplicationController
  before_action :set_post, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!

  def index
    @posts = Post.all
  end

  def show
  end

  def new
    @post = current_user.posts.build
  end

  def edit
  end

  def create
    @post = current_user.posts.build(post_params)
    respond_to do |format|
      if @post.save
        format.html { redirect_to @post, notice: 'Post was successfully created.' }
        format.json { render :show, status: :created, location: @post }
      else
        format.html { render :new }
        format.json { render json: @post.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /posts/1
  # PATCH/PUT /posts/1.json
  def update
    respond_to do |format|
      if @post.update(post_params)
        format.html { redirect_to @post, notice: 'Post was successfully updated.' }
        format.json { render :show, status: :ok, location: @post }
      else
        format.html { render :edit }
        format.json { render json: @post.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /posts/1
  # DELETE /posts/1.json
  def destroy
    @post.destroy
    respond_to do |format|
      format.html { redirect_to posts_url, notice: 'Post was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_post
    @post = Post.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def post_params
    params.require(:post).permit(:title, :content)
  end
end
```
index.html.erb
```erb
<p id="notice"><%= notice %></p>
<h1>Listing Posts</h1>
<table>
  <thead>
    <tr>
      <th>Title</th>
      <th>Content</th>
      <th colspan="3"></th>
    </tr>
  </thead>
  <td><%= current_user.post.try(:title) %></td>
  <td><%= current_user.post.try(:content) %></td>
</table>
<br>
<%= link_to 'New Post', new_post_path %>
```
Please help me to do this.
I have created 2 users (using the devise gem) and added data in both profiles, but both users can see each other's data and profiles. How do I stop users from accessing or seeing other users' profiles?
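The following is an added example, not part of the original post: it shows why `Post.all` and `Post.find(params[:id])` in the controller above expose every user's records, and how starting each lookup from `current_user.posts` closes that gap. It uses plain-Ruby stand-ins for the models so it runs without Rails; the `User has_many :posts` association is assumed from the `current_user.posts.build` call in the post, and the method names and sample rows are constructed for illustration.

```ruby
# Plain-Ruby stand-ins for ActiveRecord (assumption: User has_many :posts).
class RecordNotFound < StandardError; end
Post = Struct.new(:id, :user_id, :title)

# Constructed sample data: two users, one document each.
POSTS = [
  Post.new(1, 1, "Alice passport"),
  Post.new(2, 2, "Bob licence")
].freeze

# Mimics a relation: find raises when the id is outside the scope.
class PostScope
  def initialize(rows)
    @rows = rows
  end

  def to_a
    @rows
  end

  def find(id)
    @rows.find { |p| p.id == Integer(id) } or
      raise RecordNotFound, "Post #{id} not in scope"
  end
end

User = Struct.new(:id) do
  # Stand-in for `has_many :posts`: only rows owned by this user.
  def posts
    PostScope.new(POSTS.select { |p| p.user_id == id })
  end
end

# As posted: authenticate_user! proves who is logged in, but the
# queries ignore ownership, so any id in the URL is served.
def unscoped_index(_current_user)
  PostScope.new(POSTS).to_a                    # Post.all
end

def unscoped_show(_current_user, params)
  PostScope.new(POSTS).find(params[:id])       # Post.find(params[:id])
end

# Owner-scoped: in Rails, `@posts = current_user.posts` and
# `@post = current_user.posts.find(params[:id])` inside set_post.
def scoped_index(current_user)
  current_user.posts.to_a
end

def scoped_show(current_user, params)
  current_user.posts.find(params[:id])
rescue RecordNotFound
  :not_found                                   # Rails would answer 404
end
```

Because `set_post` runs before `show`, `edit`, `update` and `destroy`, scoping the lookup there covers all four actions at once; hiding links in the view alone does not, since the URL can still be requested directly.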