Hey guys I created some custom authentication thanks to railscasts.com but I’m somewhat stuck

Question

0

Asked: May 24, 20262026-05-24T02:01:50+00:00 2026-05-24T02:01:50+00:00

Hey guys I created some custom authentication thanks to railscasts.com but I’m somewhat stuck

0

Hey guys I created some custom authentication thanks to railscasts.com but I’m somewhat stuck as I need to restrict my users from editing other users’ profiles.

Here’s my authenticate_user and current_user methods:

private

def current_user
  @current_user ||= User.find_by_auth_token!(cookies[:auth_token]) if cookies[:auth_token]
end

def authenticate_user!
  if current_user.nil?
    redirect_to login_url, :alert => "You must first log in to access this page"
  end
end

Here’s the before_filter in my UsersController:

before_filter :authenticate_user!, :only => [:edit, :update, :destroy]`

EDIT: Fixed it thanks to alock27.

I had to edit my users_controller and modify the edit action as follows:

@user = User.find(params[:id]    
redirect_to root_url unless current_user == @user

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T02:01:51+00:00

Editorial Team

2026-05-24T02:01:51+00:00Added an answer on May 24, 2026 at 2:01 am

I think you want this:

Adding security on routes in Rails

you need to find the User by :id and check if current_user = @user

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Hey guys I created some custom authentication thanks to railscasts.com but I’m somewhat stuck

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply