Bummer! This is just a preview. You need to be signed in with a Pro account to view the entire video.
Assigning Users to Jobs4:44 with Jim Hoskins
[Master Class] [Designer and Developer Workflow] [Assigning Users to Jobs] 0:00 [Jim Hoskins] Now we have some authorization in place that 0:05 allows us to protect certain pages from 0:08 people who are not logged in. 0:11 This edit page here we're unable to get to, 0:13 and there's an error message displaying for us 0:16 when we try to access it. 0:19 If I were to click on "New Job," again, we must be logged in. 0:22 I'm going to sign in, and now I should be able to click "New Job," 0:25 and we can see the New Job form. 0:29 Now, right now, only 1 of our jobs has a 0:32 user associated with it, and that's because we put a lot of this data in 0:36 before we really had the idea of a user being associated with a job. 0:39 In our actual application, we want all of our jobs to be 0:45 associated with users. 0:48 What we need to do is either delete 0:50 all these invalid jobs or update them so they have a user. 0:52 What I'm going to do is go in the console and 0:56 update it so all the jobs have a user associated with them. 0:58 So, to do this, I'm going to open up the console, 1:02 and we'll just say all of the jobs have the same user. 1:05 I'll open up our rails console here. 1:09 And let me just check for a user ID. 1:12 I'm going to grab the first user 1:15 and grab its ID. 1:18 And the user ID is 1, 1:21 so now what we can do is update all the jobs so their user ID is 1. 1:23 And to do that, we'll just do "Job.update_all," 1:27 and we'll say "user_id" is 1. 1:32 If we're going to take a look at, say, Job.last.id, 1:39 or rather, Job.last.user_id, 1:43 we can see that the user ID is 1. 1:47 Let's take a look in the web browser 1:49 and see if we refresh, all of our jobs now should be 1:52 associated with my user. 1:55 All right, that looks good. 1:57 What I'm going to do is create another user so we can just 1:59 test this out a little bit, so I'm going to sign out, 2:01 and I'm going to register as Nick. 2:04 We have a new user. 2:09 We are signed in. 2:11 And we're still having a little bit of navigation problems here, but we'll fix that soon. 2:14 But we can see we're now logged in as Nick. 2:17 We want to make sure the current user is associated with that new job, 2:20 so let's check out our jobs controller. 2:24 And there are a couple of different ways we could go about this. 2:26 We could try to add it to the parameters in the form 2:29 that they're going to submit from new, 2:32 but we don't really need to worry about that. 2:35 We're going to let them submit without information, and on the step 2:37 where we actually create it, that point is when we can be sure 2:39 who is actually making the request, and we can make sure we put 2:43 the correct user in the new job. 2:46 So, a very, very simple way we can do this 2:50 is to simply say "job.user = current_user." 2:52 And remember that current user returns the user instance 3:02 of the person who's logged in, and in order for a create 3:06 to even be running, current user has to be true, 3:08 otherwise the before filter that we wrote would have rejected it 3:11 and not allowed this to execute. 3:14 Now, we do it at this stage here just to make sure 3:16 that they're not passing in a user ID as part of the params 3:18 trying to override anything or manually overriding the user 3:22 after any untrusted input has been put into Job.new. 3:26 There are a couple other security considerations that we'll explore 3:30 a little bit later, but for right now, we just want to make sure that the 3:33 user is associated with the current user any time we do this. 3:36 We've created a new job based on the form. 3:40 We forced user to be the current user no matter what. 3:43 And now we'll save it, and this should be enough. 3:46 Let's check it out. 3:49 Now that I'm signed in as Nick, I'll create a new job. 3:51 Let's say "Hammock Comfort Specialist." 3:53 And this will be for "Hammocks, Hammocks, Hammocks." 4:02 "Test the comfort of our new hammocks." 4:06 And I'll leave the details link out there. 4:13 So, hopefully, when we save this, 4:16 we've created a new job, and automatically, 4:18 Nick Pettit is associated with this new job. 4:22 So, we can go back. 4:26 We see we have the new job here by Nick. 4:28 We have other jobs by Jim, so it looks like we are now 4:31 associating our new jobs with the person who created them. 4:35 The next step is to restrict access for editing and deleting 4:39 to the person who created it. 4:42
You need to sign up for Treehouse in order to download course files.Sign up