
I am having issues with devise current_user confusing my model's :id as the user's :id.

routes:

match "/causes/:id/:slug" => "causes#show", :as => :cause, :via => 'get'
match "/causes/:id/:slug/edit" => "causes#edit", :as => :edit_cause, :via => 'get'
match "/causes/:id/:slug" => "causes#update", :via => 'put'

resources :causes, :only => [:index, :new, :create]

in my :causes controller:

before_filter :check_privileges, only: [:new, :create, :edit, :new, :update]

def check_privileges
    #when I use this code everyone can access edit, etc.
    redirect_to root_path unless current_user
end

and in my :causes model

  belongs_to :user

For some reason, when I use current_user at all, in this controller, it always thinks that current_user is equal to the id in /causes/:id/:slug/

I have tried putting the check privileges code in the application controller.

I have even tried assigning code like this:

def check_privileges
    #when I use this code no one can access edit, etc
    @user = User.find_by_id(params[:id])
    redirect_to root_path unless @user
end

I need help, anyone have suggestions? All I want it to do is verify the user is the current user so not everyone can edit the cause.

kaigth

1 Answer


Your post is a bit confusing. IIRC devise stores the current user id in the session and does not ever get it from the url.

Seeing that this is a problem associated with privileges and rolling out your own solution, I would highly recommend an alternative.

https://github.com/ryanb/cancan

This works great with devise and should solve your problems.

stellard
  • Unfortunately this did not work. If I am user 1, and in cause 1 I can edit the cause, but if not, I get routed back to root. I am still puzzled by this one. – kaigth May 15 '12 at 19:37
  • I am still puzzled by your question. Why are you using the id from the params to set the user `@user = User.find(params[:id])`? Of course this would not work. – stellard May 15 '12 at 22:25
  • That was a typo, my apologies, I'm using User.find_by_id(params[:id]) – kaigth May 15 '12 at 23:24
  • Still, that's not the confusing bit. The params[:id] is not a user id for the route match "/causes/:id/:slug". – stellard May 16 '12 at 10:35
  • I guess you are right, I solved this by comparing current_user.id to @cause.user_id and avoiding using params. Thanks stellard. I will post the answer soon. – kaigth May 16 '12 at 17:00
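
The ownership check described in the last comment, modelled in plain Ruby beside the params-based filter from the question. This is an added example, not code from either poster; the in-memory USERS and CAUSES tables, the sample records and the method names are assumptions standing in for ActiveRecord and Devise's current_user.

```ruby
# Plain-Ruby model of the two filters (no Rails required).
# All records below are constructed sample data.
User  = Struct.new(:id)
Cause = Struct.new(:id, :user_id, :slug)

USERS  = { 1 => User.new(1), 2 => User.new(2) }
CAUSES = {
  1 => Cause.new(1, 2, "clean-water"),    # cause 1 belongs to user 2
  7 => Cause.new(7, 1, "tree-planting")   # cause 7 belongs to user 1
}

# Filter from the question: params[:id] comes from /causes/:id/:slug, so it is
# a cause id. Looking it up in the users table only asks "does some user happen
# to have this number?" and never consults who is signed in.
def check_privileges_by_params(current_user, params)
  USERS.key?(params[:id]) ? :allow : :redirect_to_root
end

# Filter from the final comment: load the cause named by the route, then
# compare its owner with the signed-in user, whose identity comes from the
# session rather than from the URL.
def check_privileges_by_owner(current_user, params)
  return :redirect_to_root if current_user.nil?   # not signed in
  cause = CAUSES[params[:id]]
  return :redirect_to_root if cause.nil?          # unknown cause id
  cause.user_id == current_user.id ? :allow : :redirect_to_root
end

if __FILE__ == $PROGRAM_NAME
  [[USERS[1], 1], [USERS[2], 1], [USERS[1], 7], [nil, 1]].each do |user, cause_id|
    who = user ? "user #{user.id}" : "anonymous"
    puts format("%-9s cause %d  by_params=%-16s by_owner=%s",
                who, cause_id,
                check_privileges_by_params(user, id: cause_id),
                check_privileges_by_owner(user, id: cause_id))
  end
end
```

With the params-based filter, user 1 is let into cause 1 (owned by user 2) only because a user with id 1 exists, while the real owner of cause 7 is turned away because there is no user 7.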