Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
Joshua Hardy
17,317 PointsHow to build a user profile page.
My current project is a social network site. I am at the stage where I build the user profile page. The approach that I am taking is that the profile page is basically a template where information pertaining to the user is pulled from the database, and fills the template. The issue that I am having is how to let the browser know if this profile page belongs to the user or a visitor to the page. This is important due to not wanting unauthorized personnel modifying a user profile.
I have not started on any code yet, so I have none to post.
1 Answer
Kevin Korte
28,148 PointsLots of ways to handle this, here are a couple thoughts that come to mind.
At the template level, you could control access to data. You would be able to tell if the current user is logged in, and if the logged in user is the owner of the this profile or not. With that information, you could in your template wrap the data that should only exists if the user is the owner of the profile in an if check, something like if (user = this.user) { show private user info }.
Another option is at the routing level. When a user hits a route for a user profile, your could check if the requesting user is a logged in user, and if so, is the user the owner of that profile, if so, you send them to the template that has the personal information. If the requesting user is not the owner, than they get the "public" info template. This is also a pretty good option because in your "owner template" you can make as much of the data as you want editable or modifyable, and since the logic is controlled at the router, and not the template, you don't have to worry too much about the wrong person modifying someone else's profile, however to be safe I'd still do an auth check each time a profile is updated to still make sure the users that sent the update is the owner of the profile.
Recently in my own project I took the second approach, auth'ing the user the router level, instead of the template. The downside is I have two templates to maintain, upside is my template is much, much cleaner. It also affords you a good opportunity to have a slightly different UI for the profile owner (like options to edit/modify profile) vs just another visiting user, again without littering your template with a whole lotta checks. I like keeping logic out of templates as much as possible.
Joshua Hardy
17,317 PointsJoshua Hardy
17,317 PointsSo with the routing template....make a template user profile, then two classes under template? One for owner's profile page and one for public page?
Kevin Korte
28,148 PointsKevin Korte
28,148 PointsKinda, how much of this project is done, are you using a router or templating engine?
Joshua Hardy
17,317 PointsJoshua Hardy
17,317 PointsI've created user registration, connect & sessions...V .1 is what I called that bundle. Next is user profiles...when you say engine, do you mean a set of code that I write? Or vendor code? I was planning on using code for the router style.