I’ve been struggling with this for a while now, so I thought I’d ask the experts.
I am trying to make it so that Users can only edit/view Items that they have created using Devise.
I have Users set up and working well. Items are being created with a user associated with them and I can verify this via rails console.
def create
  @item = Item.new(params[:item])
  @item.user = current_user
end
What I am trying to do now is to make it so that once logged in, users can only see the items that they have created, and no others.
In my Items controller I have tried replacing:
def index
  @items = Item.all
end
with
def index
  @items = current_user.Items.find(params[:id])
end
but this doesn’t seem to work for me and I get
undefined method `Items' for #<User:0x007fdf3ea847e0>
Can anyone offer any advice as to what to try next?
Thanks so much.
Maybe I'm old school but I would not use current_user to find records, only to verify permissions. I would use the primary key relationships directly (they don’t change):
@items = Item.find(:all, :conditions => { :user_id => current_user[:id] })
or
As for setting permissions, Devise actually doesn't let you do that BUT there is the excellent supplement called CanCan, you should definitely look into it. With CanCan, you will have an ability.rb class that will define your permissions. What you are looking for then becomes:
Reading the CanCan docs would clarify the code above.
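Added example, not part of either post above: a plain-Ruby sketch of why the lookup itself should be limited to the owner's rows, with an unscoped `show` beside the scoped one. `OwnedItems`, `RecordNotFound`, `show_unscoped` and the sample rows are constructed stand-ins for a `has_many :items` association and Devise's `current_user`; no Rails, Devise or CanCan code is used.

```ruby
# Plain-Ruby stand-ins for the Rails pieces; all names and rows are constructed.
Item = Struct.new(:id, :user_id, :name)
class RecordNotFound < StandardError; end
ITEMS = [
  Item.new(1, 10, "alice's notes"),
  Item.new(2, 20, "bob's notes"),
  Item.new(3, 10, "alice's draft")
].freeze

# Stand-in for the relation returned by a `has_many :items` association.
class OwnedItems
  def initialize(user_id)
    @rows = ITEMS.select { |item| item.user_id == user_id }
  end

  def to_a
    @rows.dup
  end

  # Like current_user.items.find(id): an id owned by someone else raises.
  def find(id)
    @rows.find { |item| item.id.to_s == id.to_s } or
      raise RecordNotFound, "no item #{id} for this user"
  end
end

User = Struct.new(:id) do
  def items # lowercase plural, as `has_many :items` would define it
    OwnedItems.new(id)
  end
end

# current_user is a struct member here; Devise provides it in a real app.
ItemsController = Struct.new(:current_user) do
  def index
    current_user.items.to_a
  end

  # Weak form: any signed-in user can read any item by guessing its id.
  def show_unscoped(params)
    ITEMS.find { |item| item.id.to_s == params[:id].to_s }
  end

  # Scoped form: the lookup is limited to the owner's rows.
  def show(params)
    current_user.items.find(params[:id])
  rescue RecordNotFound
    :not_found # answer 404 so the response does not confirm the id exists
  end
end
```

The scoped `show` treats someone else's id exactly like a missing or malformed one, so the response gives no hint about which ids exist.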