I’ve got Devise working in my Rails app but I can’t figure out how

Question

0

Asked: May 17, 20262026-05-17T19:00:22+00:00 2026-05-17T19:00:22+00:00

I’ve got Devise working in my Rails app but I can’t figure out how

0

I’ve got Devise working in my Rails app but I can’t figure out how to now lock it down so a user can only edit their own record in the users table AND in tables belonging to the user.

What am I missing here? Is this done in the controller or the model?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T19:00:22+00:00

I would create a helper in application_controller for current_user and remove the use of User.find

The simplest way of creating an authorization is with a boolean flag (admin true/false). For other simple solutions are cancan, as mentioned by Yannis or easy_roles KISS is recommend to start with. You may implement the edit action like this

def edit
 if current_user.is_admin?
   User.find(params[:id])
 else
    current_user
 end
end

application_controller.rb

def current_user
  UserSession.find
end

To limit access by the user, like a user having his/hers own tasks, do this.

def index
  @tasks = current_user.tasks
end

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve got Devise working in my Rails app but I can’t figure out how

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply