Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Nikit Saraf
Courses Plus Student 2,782 PointsAble to add myself as a friend in treebook
I was following along the video and covered up the friendship stage when I thought to take a review of the site I have created from the tutorial and then I noticed that when I go to my profile I see an add friend button. Suppose I created a user jason and when I login as jason and go to localhost:3000/jason I will see my profile and an add button there. This means I will be able to add myself as friend. I tried it and it was successful, I could send a friend request to myself which should not be the case. I have successfully hide the Add button when viewing my profile from the controller and the views by putting in conditions but I could still achieve the task from the rails console. So what I have done is still not secure and can not guarantee assurity. Most probably the changes are to be made in the user model but I tried a lot and failed to think anything. It would be really nice if someone could help me with this. Thanks in advance
2 Answers
Nikit Saraf
Courses Plus Student 2,782 PointsWell not to worry I finally found the solution for it. The thing you need to do is to add a validation in the user_friendship which says that friend.id should not be equal to the user.id. This can be done by
validate :friend_is_not_self
def friend_is_not_self errors.add(:base, "error message") if user.id==friend.id end
this will solve the problem and also delete the button in the views for the user
Nikit Saraf
Courses Plus Student 2,782 PointsWell not to worry I finally found the solution for it. The thing you need to do is to add a validation in the user_friendship which says that friend.id should not be equal to the user.id. This can be done by
validate :friend_is_not_self
def friend_is_not_self errors.add(:base, "error message") if user.id==friend.id end
this will solve the problem and also delete the button in the views for the user
arjun menon
903 Pointsarjun menon
903 Pointshey i added that code in d user_friendship model. but it still shows the add friend button. though clicking on it doesnt do anything. any idea how to remove the button from your own profile page.
Dena G
441 PointsDena G
441 PointsWere you able to remove the button all together? I added the code but like arjun I can still see the button. Thanks.