Home/ Questions/Q 1054369
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T17:23:45+00:00

I’m a Rails newbie…. Here’s what I’m trying to do…. I created a scaffold

  • 0

I’m a Rails newbie…. Here’s what I’m trying to do….

I created a scaffold for notes (t.text :content, t.integer :user_id)

What I want to do now is only allow user’s to view notes that they created. ie (== user_id)

In my /app/controllers/notes_controller.rb

I have the following:

class NotesController < ApplicationController
    before_filter :authenticate
    before_filter :correct_user
.
.
.
.



def correct_user
  @noteuserid = Note.find(:conditions=>["note.user_id=?", @noteuserid])
  redirect_to(root_path) unless current_user?(@noteuserid)
end

I’m having problems understanding how to write the following line: @noteuserid = Note.find(:conditions=>[“note.user_id=?”, @noteuserid])

Any ideas?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    So, firstly you want to find the Note being accessed by the user, then check whether that Note is valid for the user. I would try something like this (assuming that your current_user? method checks whether a given user id matches the current logged in user:

    def correct_user
  current_note = Note.find(params[:id])
  redirect_to(root_path) unless current_user?(current_note.user_id)
end

    Also, you may want to watch out for filtering all actions in the controller with your correct_user filter as actions to create a note may not have an id of a note to check against. Additionally, when you are viewing a collection of notes you will need to filter differently (e.g. Note.find(:all, :conditions => { :user_id => current_user_id })). It may be more appropriate to apply the correct logic in specific actions rather than as a generic filter.

    Finally, you could look at the cancan plugin which would do a lot of the hard work for you with code like this.

    • 0