Topic: difference between logged in user and another user's profile page

Hey all.

I've been steadily trucking along with my senior project here. I have a theory question though that I think I have all wrong:


Right now, the site shows a members page with the url .com/members/user_name. So, mine would be .com/members/kgosser. I'm using this routing code to get it done:


  map.with_options :controller => 'members' do |m|
    m.login 'members/login', :action => 'login'
    m.logout 'members/logout', :action => 'logout'
    m.authorize 'members/authorize', :action => 'authorize'
    m.all 'members/all', :action => 'all'
    m.signup 'members/signup', :action => 'signup'
    m.index 'members/:member', :action => 'index'
    m.connect 'members/', :action => 'all'
  end

I'm sending a parameter ":member" with a the pseudo action. So, .com/members/kgosser will give the param[:member]=kgosser.


I seem to be messing up with a logged in user viewing someone else's profile though. So, like if I'm logged in under my username, and I view .com/members/jsmith, I can edit his profile, etc.


I think my issue is because I'm confusing the role of session[:user] and params[:member].

On top of that, I'm getting params[:member] to be null far too often.



Any advice? I can post code snippits if someone needs it. Thanks for the replies.

Re: difference between logged in user and another user's profile page

I asked this on another thread, but it applies here too. What does session[:user] contain?

Also, do you have two models? User and Member, or do you just have Member?

Railscasts - Free Ruby on Rails Screencasts

Re: difference between logged in user and another user's profile page

I run all the member/user stuff through the member_controller, but I only have a User model. The thing is I'm trying to differentiate between the two like so:

Member: A member's page you are viewing
User: The particular member currently logged in


Here's where my session is being declared. It's in my members_controller:

class MembersController < ApplicationController
 
  def authorize
    if User.authenticate(params[:login], params[:password])
      @user = User.find_by_login(params[:login])
      session[:user] = @user
      redirect_to :action => 'index', :member => @user.login
    else
      reset_session
      redirect_to :action => :login
      flash[:error] = "Invalid user or password"
      flash[:message] = "Your account has not been activated yet"
    end
  end

Re: difference between logged in user and another user's profile page

Try the suggestion I mentioned in the other thread. I think it will solve a lot of problems.

Railscasts - Free Ruby on Rails Screencasts

Re: difference between logged in user and another user's profile page

Sorry to seem like a bug, but do either of you know what the previous thread RyanB is mentioning?  I tried searching for it with no luck. ><

Re: difference between logged in user and another user's profile page

Whoops, forgot to link to it. Here it is.

Railscasts - Free Ruby on Rails Screencasts

Re: difference between logged in user and another user's profile page

Thank you, ryanb!