Home/ Questions/Q 9112435
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T03:44:05+00:00

My app allows users to log in and have sessions. I have a user

  • 0

My app allows users to log in and have sessions. I have a user controller and a sessions controller, mainly developed from railscasts “authorization from scratch”.
I recently added the ability to upload files to S3 using a jquery uploader… Again lots of this comes from railscasts “uploading to amazon S3”.

The problem is my uploads are not user specific. Right now my “upload” controller has an “authorize” before_filter to ensure you must be logged in to access the uploader; however once a user uploads a file, ALL users see the upload! Not good! I need to ensure users only see the respective files they upload.

I’ve tried a few things but none seem to work. I’m looking for some direction on how to ensure users only see the files they upload. I’m following different railscasts and rails documentation on nesting resources (I think that is how I have to do this?) but I keep missing something as there seems to be lots of changes that I don’t 100% understand. I fix one error, then hit another, and am wondering if I’m even going down the right path or maybe I’m missing something?

The way I thought this should work is to first nest the resource:

  resources :users do
    resources :cust_uploads
  end

Then I modified the models as below and ran “rake db:migrate” to tie them together… I may need to manually modify a migration file with a foreign id field?:

class User < ActiveRecord::Base
    has_secure_password
    attr_accessible :email, :password, :password_confirmation
    validates_uniqueness_of :email
    has_many :CustUploads
end

class CustUpload < ActiveRecord::Base
  attr_accessible :cust_file_url, :name
  before_create :default_name
  belongs_to :User

  def default_name
    self.name ||= File.basename(cust_file_url, '.*').titleize if cust_file_url
  end
end

This gives me tons of path errors which I’m fighting through now… as my new_cust_upload_path is probably something like new_user_cust_upload_path

I also think my forms and controllers need lots of modification….

I’m using form_for

<%= form_for(@cust_upload) do |f| %>

Which I think should now be @user.cust_upload?

controllers at the moment:

class UsersController < ApplicationController
    def new
        @user = User.new
    end

    def create
      @user = User.new(params[:user])
      if @user.save
        session[:user_id] = @user.id
        redirect_to root_url, notice: "Thank you for signing up!"
      else
        render "new"
      end
    end

end

class CustUploadsController < ApplicationController
  before_filter :authorize
  def index
    @cust_uploads = CustUpload.all
  end

  def show
    @cust_upload = CustUpload.find(params[:id])
  end

  def new
    @cust_upload = CustUpload.new
  end

  def create
    @cust_upload = CustUpload.create(params[:cust_upload])
  end

  def edit
    @cust_upload = CustUpload.find(params[:id])
  end

  def update
    @cust_upload = CustUpload.find(params[:id])
    if @cust_upload.update_attributes(params[:cust_upload])
        redirect_to @cust_upload_url, notice: "Cust upload was successfully updated."
      else
        render :edit
    end
  end

  def destroy
    @cust_upload = CustUpload.find(params[:id])
    @cust_upload.destroy
    redirect_to cust_uploads_url, notice: "Cust Upload was successfully destroyed"
  end
end

Any direction will be greatly appreciated. I’ve been through many tutorials and can make simple things work from scratch, I just can’t seem to integrate this functionality with my existing app. There is something here I can’t wrap my brain around and I’m hoping someone can provide me with that Eurika moment! Thanks

EDIT
routes.rb and my models appear to have the appropriate connections (code below). When in terminal I type “rake routes” I get a list as expected (see below) however I get and error: “No route matches {:action=>”show”, :controller=>”cust_uploads”}” for a link with user_cust_uploads_path. There is a show template in the cust_uploads path and rake routes says it exists! What am I missing? 

user_cust_uploads GET    /users/:user_id/cust_uploads(.:format)          cust_uploads#index
                      POST   /users/:user_id/cust_uploads(.:format)          cust_uploads#create
 new_user_cust_upload GET    /users/:user_id/cust_uploads/new(.:format)      cust_uploads#new
edit_user_cust_upload GET    /users/:user_id/cust_uploads/:id/edit(.:format) cust_uploads#edit
     user_cust_upload GET    /users/:user_id/cust_uploads/:id(.:format)      cust_uploads#show
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Considering you want to achieve

    1. Users who upload stuff should only see them.

    Why don’t you associate the uploads with a specific user id and then when showing them in the view pull them from their own id (current_user.uploads)

    • 0