I’ve got Devise set up in my Rails 3 app. Devise is configured to work with a model called Publisher. Publisher has several associated models. I’m having a hard time conceptualising how to protect creating/destroying/viewing these associated objects with Devise. I’m used to creating an associated record with something like:
pub = Publisher.find(params[:publisher_id])
pub.books << Book.create!(:title => "War and Peace")
I’m sure I’m just missing something straightforward, but where do I implement logic that confirms that whoever is logged in as pub is actually the person creating this association? Is it as straightforward as something like this?:
pub = Publisher.find(current_publisher)
If that’s the case, where do I implement this? In our implementation, these records will be created via a POST to /publishers/:publisher_id/books(.:format). Does this mean that the should occur in the #create method in BooksController? I know this is all elementary, but I’m only exposed to RoR once every six months or so–never long enough to get a lasting, solid grasp!
You should create new Book instances using the Publisher’s books association, like this:
This adds a new book to the association and assigns the publisher to it for you.
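The difference between looking the owner up from the URL and creating through the signed-in publisher's association, as an added example that is not part of the original question or answer. It runs without Rails: Book, BookCollection, Publisher, Forbidden and create_unscoped are constructed stand-ins and hypothetical names, and the current_publisher argument stands in for the value Devise's current_publisher helper returns.

```ruby
# Constructed in-memory stand-ins for the models; not Rails or Devise code.
Book = Struct.new(:title, :publisher)

class BookCollection < Array
  def initialize(owner)
    super()
    @owner = owner
  end
  # Like books.create! in Rails: the owner comes from the association, not params.
  def create!(attrs)
    Book.new(attrs.fetch(:title), @owner).tap { |book| self << book }
  end
end

class Publisher
  REGISTRY = {}
  attr_reader :id, :books
  def initialize(id)
    @id = id
    @books = BookCollection.new(self)
    REGISTRY[id] = self
  end

  def self.find(id)
    REGISTRY.fetch(Integer(id))
  end
end

class Forbidden < StandardError; end

# Hypothetical controller for POST /publishers/:publisher_id/books.
class BooksController
  def initialize(current_publisher, params)
    @current_publisher = current_publisher # stands in for Devise's helper
    @params = params
  end

  # Pattern from the question: the client-supplied URL segment picks the owner.
  def create_unscoped
    Publisher.find(@params[:publisher_id]).books.create!(title: @params[:title])
  end

  # Scoped: the signed-in publisher is the only possible owner.
  def create
    raise Forbidden, "sign-in required" if @current_publisher.nil?
    raise Forbidden, "publisher_id mismatch" unless @params[:publisher_id].to_s == @current_publisher.id.to_s
    @current_publisher.books.create!(title: @params[:title])
  end
end
```

In the real BooksController the scoped action has the same shape: current_publisher.books.create!(...) behind Devise's before_filter :authenticate_publisher!.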