I am using devise for my authentication system and on the main page I have the login screen and it creates users and logs them in perfectly. But after login it just goes right back to the index page whereas I want it to redirect to the actual User’s page, i.e. localhost:3000/user/1. I want this page to only be viewable by the user that is signed in, i.e. other users can’t view other users’ profiles. If someone tries to navigate to let’s say localhost:3000/user/2…they will be presented with a login screen and the credentials have to match that user.
I know this is a complicated question but any help would be useful.
What you’re describing to me sounds like you’re mixing Authentication and Authorization. I say mixing because determining whether you allow a user to access /user/1 vs /user/2 is what authorization is for.
Authentication is the process of determining “are you who you say you are”, whereas authorization is the process of determining “are you allowed where you want to go.”
So far you’re using devise for Authentication, and you’ll want to take a look at grabbing another gem for Authorization (my preference is cancan.)
If you don’t want to go the full authorization route (I’d recommend against it, but…) you can do a check in the before_filter of the user controller to see whether the current_user_id == id_from_the_url.
And to redirect after login you’ll want to use the devise hook after_sign_in_path_for which will look similar to this:
Source: https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-on-successful-sign-in
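The ownership check and the post-login redirect described in the answer above, as an added example that is not the answer's code or Devise's own: a framework-free Ruby sketch so the decision logic can be run and tested outside Rails. The `User` struct, `authorize_profile_access`, the `/users/sign_in` path and the choice to answer a mismatch with "forbidden" are assumptions; in a Rails app the first method would run as a `before_action` (formerly `before_filter`) in the users controller and the second would override Devise's `after_sign_in_path_for` hook.

```ruby
# Constructed stand-in for the Devise-managed model; only the id matters here.
User = Struct.new(:id)

SIGN_IN_PATH = "/users/sign_in" # assumed sign-in route for this sketch

# Decide how to answer a request for /user/:id.
# current_user is nil when nobody is signed in; id_param is the raw URL segment.
def authorize_profile_access(current_user, id_param)
  # Not authenticated at all: send the visitor to the login screen.
  return [:redirect, SIGN_IN_PATH] if current_user.nil?

  # The URL segment arrives as a String while the record id is an Integer.
  # Compare as strings: 1 == "1" is false in Ruby, and "1abc".to_i is 1,
  # so converting the parameter with to_i would accept malformed ids.
  return [:ok, "/user/#{current_user.id}"] if current_user.id.to_s == id_param.to_s

  # Signed in, but asking for someone else's profile.
  [:forbidden, nil]
end

# Where to land after a successful sign-in: the user's own page.
def after_sign_in_path_for(user)
  "/user/#{user.id}"
end

# Constructed sample requests: [signed-in user or nil, id taken from the URL].
SAMPLE_REQUESTS = [
  [User.new(1), "1"],    # own profile
  [User.new(1), "2"],    # another user's profile
  [nil,         "1"],    # not signed in
  [User.new(1), "1abc"]  # malformed id
].freeze

SAMPLE_REQUESTS.each do |user, id|
  who = user ? "user #{user.id}" : "anonymous"
  status, target = authorize_profile_access(user, id)
  puts "#{who} -> /user/#{id}: #{status} #{target}"
end
```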