0

I'm building an events app with users who will each have a personal profile. I've set up a few users for the site but when I try and create and/or edit a profile for each user it refers me back to a flash message "That profile doesn't belong to you!" which is in reference to my first user profile which was set up and works fine.

I'm using Devise gem for initial set up but have built out from their with my own user controller. Here's the code from that controller -

class UsersController < ApplicationController
  before_action :authenticate_user!
  before_action :set_user
  before_action :owned_profile, only: [:edit, :update]

  def new
    @user = User.new
  end

  def show
    @user = User.find(params[:id])
  end

  def create
  end

  def edit  
    @user = current_user #User.find_by(params[:id])
  end  

  def update
    @user = User.find_by(params[:id])
    if @user.update(user_params)
        redirect_to user_path, notice: "Profile successfully updated!"
    else
        render 'edit'
    end
  end

  private

  def user_params
    params.require(:user).
      permit(:name, :username, :biography, :email, :url)
  end   

  def owned_profile
    unless current_user == @user
      flash[:alert] = "That profile doesn't belong to you!"
      redirect_to root_path
    end
  end

  def set_user
    @user = User.find_by(params[:id])
  end
end

Any assistance would be appreciated.

MTarantini
  • 939
  • 7
  • 11
Mike.Whitehead
  • 798
  • 18
  • 52

3 Answers3

0

If the issue is that Users are not able to edit their own profile, then I believe it is caused by the use of find_by within set_user:

@user = User.find_by(params[:id])

Should be:

@user = User.find(params[:id])

If you truly wanted to use find_by you could do:

@user = User.find_by_id(params[:id])

Or

@user = User.find_by(id: params[:id])

Find_by used as the 2 examples above will not throw an error if a User is not found, while find will.

Sidenote: You can remove the @user assignment within the show action.

MTarantini
  • 939
  • 7
  • 11
0

I would create an admin. An easy way to do this is to add a column to your users table called admin and make it a boolean. Migrate the db.

Then check to whether a user is an admin before running the owned_profile method. In that method, change: unless current_user == @user to

unless current_user == @user || current_user.admin

Then set yourself as an admin in the console, save and then freely add profiles without that callback running.

toddmetheny
  • 4,405
  • 1
  • 22
  • 39
  • Thanks a lot for answering but I'm not sure this solves the initial issue, though, as for each user I would want them to edit their own profile. At present it keeps kicking back to the flash message. – Mike.Whitehead Mar 30 '16 at 14:51
  • It solves it. They could still edit the profile and so could you. – toddmetheny Mar 30 '16 at 14:52
  • What if I don't want to set myself as an admin for the site? – Mike.Whitehead Mar 30 '16 at 15:05
  • you can always remove the admin from yourself after you create those users. there can be multiple admin users. But you would just go and change admin to false on your user in the console. – toddmetheny Mar 30 '16 at 15:06
  • Another option is to skip callbacks: http://stackoverflow.com/questions/7572652/rails-3-skip-validations-and-callbacks – toddmetheny Mar 30 '16 at 15:07
  • There seems to be an issue when I'm creating a new user - the code isn't creating a new blank profile template for me to edit/update. No matter which user I'm signed in as when I try and edit the profile they all want to jump back to the original profile I created. It's weird.....and frustrating...as there's no error messages. – Mike.Whitehead Mar 30 '16 at 15:28
  • Are you still signed in as yourself? – toddmetheny Mar 30 '16 at 15:29
  • No, I'm signing out each time and signing back in. I've set up 5 different users now and its the same with all of them. – Mike.Whitehead Mar 30 '16 at 15:37
  • well--the admin thing will fix it. That validation won't even run if you're admin. You just stay signed in as the same user. It's cool if you don't want to try that but I gave you a solution that will work. It just seems like you don't want to do it. Which is totally cool. You can solve it a different way if you prefer. – toddmetheny Mar 30 '16 at 15:48
  • You can take a look at my answer.. it's possible that this is caused by the use of `find_by`. Worth a shot. – MTarantini Mar 30 '16 at 15:59
0

You can do it by this way.

When user signing up, automatically creates profile. Good point of this ID of user and profile tables will be the same.

rails g model profile first_name last_name email

rails g migration add_user_id_to_profiles user_id:integer

Profile.rb

belongs_to :user

User.rb

has_one :profile, dependent: :destroy

before_create :set_profile
def set_profile
    build_profile(id: self.id, user_id: self.id, email: self.email)
end

GoodLuck.

7urkm3n
  • 6,054
  • 4
  • 29
  • 46