Once a user logs into their account, they are presented with a list of ‘Employees’.
As of right now, when you click an employee, it takes the user to the ‘show’ page of that specific employee; however, I want to add a ‘pin-protected’ aspect to that list before it renders the show page.
I want to add a simple layer of authentication that would go like this:
- When a user clicks their name on a list, a text-field appears that asks for the selected employee’s pin.
- The user types in the pin. On submit, it compares the inputted pin against the ‘pin’ column for that employee’s record. If it’s correct it grants access to the selected employee’s show page.
Is this something that is easily done in RoR? This is the first real app I have worked on, so I am having trouble wrapping my mind around a couple concepts like these.
Thanks so much!
Take a look at devise, it’s most definitely your best bet for Ruby on Rails 3 authentication layer.
Your best bet if you just want to add a little functionality to your existing model class would be to add a method along the lines of:
And then you just need to modify your employee controller so that the show method checks to see if the pin has been provided (ideally via a session variable), otherwise redirect and request the pin with an additional method and route Employee#request_pin in the controller which asks the user to enter the pin, on success redirecting to the Employee#show route.

Session handling in the controller
To write the session variable, you’d need an Employee#check_pin method (as a POST route) and you’d just use the code:

Then you’d check session[:pin_valid] in your Employee#show method
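
The check_pin / show flow described above, as an added example that is not code from the original posts. It uses plain-Ruby stand-ins for the Rails model, controller actions and session, and it assumes a salted PIN digest instead of a raw 'pin' column, an attempt limit of 5, and a session[:pin_valid] value that holds the unlocked employee's id so that one correct PIN does not open every record. The names pin_matches?, locked? and MAX_ATTEMPTS are hypothetical.

```ruby
require "openssl"
require "securerandom"

# Plain-Ruby stand-in for the Employee model (assumption: the real one is ActiveRecord).
class Employee
  MAX_ATTEMPTS = 5 # assumed limit; a 4-digit PIN has only 10,000 possible values
  attr_reader :id

  def initialize(id, pin)
    @id, @failed = id, 0
    @salt = SecureRandom.random_bytes(16)
    @pin_digest = digest(pin) # keep a salted digest, never the raw PIN
  end

  def locked?
    @failed >= MAX_ATTEMPTS
  end

  # Model-level check: true only for the right PIN while the record is not locked.
  def pin_matches?(candidate)
    return false if locked?
    diff = 0 # XOR-fold over every byte so timing does not depend on where bytes differ
    @pin_digest.bytes.zip(digest(candidate.to_s).bytes) { |a, b| diff |= a ^ b }
    @failed = diff.zero? ? 0 : @failed + 1
    diff.zero?
  end

  private

  def digest(pin)
    OpenSSL::PKCS5.pbkdf2_hmac(pin, @salt, 100_000, 32, OpenSSL::Digest.new("SHA256"))
  end
end

# Employee#check_pin (POST): record WHICH employee was unlocked, not a global true.
def check_pin(session, employee, submitted_pin)
  if employee.pin_matches?(submitted_pin)
    session[:pin_valid] = employee.id
    :redirect_to_show
  else
    :render_request_pin
  end
end

# Employee#show guard: the session value must name this exact employee.
def show(session, employee)
  session[:pin_valid] == employee.id ? :render_show : :redirect_to_request_pin
end
```

In a Rails controller the same two checks would sit in the check_pin action and in a before_action on show, with the symbols replaced by redirect_to and render calls.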