This rails app is a one model app that has a single Song
model. A song has a title.
Your job is to implement best security practices for this app:
User login and authorization with devise.
We will follow instuctions from the devise website: https://github.com/plataformatec/devise
Add the gem devise to the Gemfile
gem 'devise'
Install it
bundle install
rails db:create
Run the gem's script files so it can generate the default files in the rails app
rails generate devise:install
Create the devise user model:
rails generate devise user
Link User to a new foreign key column in songs:
rails g migration AddUserToSongs user:references
rails db:migrate
Generate the default devise view files:
rails g devise:views
Devise might ask you to copy the secret devise key into the initializer file: config/initializers/devise.rb
Add a before action filter to the controller:
before_action :authenticate_user!, :except => [ :show, :index ]
Restrict the new link in the songs index with the devise helper
<% if user_signed_in? %>
<%= link_to 'New Song', new_song_path %>
<% end %>
Make a breakpoint (byebug) in the index
song controller method.
Inside the console see the value of current_user
current_user.id
See the current value of user_session
user_session
Set something in the user session
user_session[:song_cart] = "Single Ladies"
Use c
to continue out of the breakpoint.
Make another request.
See the value of user_session
has been retained.
Change both model files
app/models/song.rb
belongs_to :user
app/models/user.rb
has_many :song
Assign the logged in user as the song creator in app/controllers/songs_controller.rb
def create
@song = Song.new(song_params)
@song.user = current_user
if @song.save
redirect_to @song
else
render 'new'
end
end
<%= link_to 'log out', destroy_user_session_url, method: :delete %>