▶️ Play from the beginning (~1 hour, 10 minutes)
In this demonstration, I will explain how to add user login features to a web app using the Devise gem. In particular, users will be able to register and log in to the web app with a username (their email address) and password. The system will allow some pages to be accessible without logging in, but will require that users be logged in to access other pages. Furthermore, the system will restrict access to data based on whether or not a user “owns” that data.
gem 'devise' to the Gemfile and running bundle install.
rails generate devise:install. Inspect the output of the command, giving special attention to the instructions. notice/alert messages should have already been added to application.html.erb.)
User Devise model class using rails generate devise .... Apply the generated migrations using rails db:migrate. Inspect the generated model class and routes (see rails routes).
sign_up and sign_in).
▶️ Check-in Changes: changeset, snapshot
rails generate devise:views. Inspect the added view files.
devise/sessions/new.html.erb) to be consistent with the other views in the app. Test and debug as necessary.
devise/registrations/new.html.erb) to be consistent with the other views in the app. Test and debug as necessary.
▶️ Check-in Changes: changeset, snapshot
application.html.erb, adding to the right side of the nav-bar text/buttons corresponding to the user’s login status. If the user is currently logged in (see Devise helper user_signed_in?), display their email (see Devise helper current_user) and a “Sign Out” button. If the user is not currently logged in, display a “Sign In” button.
▶️ Check-in Changes: changeset, snapshot
ApplicationController to enforce that users must be signed in to access all pages (see Devise filter before_action :authenticate_user!). Test and debug as necessary.
skip_before_action :authenticate_user!, only: ...). Test and debug as necessary.
▶️ Check-in Changes: changeset, snapshot
db/seeds.rb to create some users. All that is needed is to set the User attributes email and password. Note that this is a little strange because password is not actually a model attribute.
rails db:reset), run the web server, and confirm that the seed user was created correctly. Further confirm the state of the database by using the Rails Console and by inspecting the SQLite database.
▶️ Check-in Changes: changeset, snapshot
The goal of this part is to make the user who creates a child object using the child CRUD pages the owner of that object, and by extension, all objects that belong to that child.
User class on the has-many side (as opposed to the belongs-to side).
User object has many child objects. This change involves generating a migration that adds a foreign-key column to the child database table (see rails generate migration ...) and adding has_many and belongs_to declarations to the User class and the child class, respectively.
db/seeds.rb to add instances of the newly created association. Note that a child object must have an associated User object to be valid. Thus, calls to save! need to wait until the association links are instantiated and all objects to be saved are valid. Test and debug as necessary.
index action to retrieve only the current user’s child objects, and update the child controller’s create action to instantiate an association link to the current user (see the Devise current_user helper). Test and debug as necessary.
▶️ Check-in Changes: changeset, snapshot
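The ownership rule from the steps above, as an added example that is not part of the original demo: a plain-Ruby stand-in (no Rails or Devise) in which index and create start from the signed-in user, extended beyond the text to a by-id lookup so the same scoping is shown there. User, Child, ChildStore, ChildrenPages and NotFound are hypothetical names; in the app the scoped query would go through the has_many association on current_user.

```ruby
# Added example (not from the demo): plain-Ruby stand-in for the ownership rule.
# User, Child, ChildStore, ChildrenPages and NotFound are hypothetical names.
User  = Struct.new(:id, :email)
Child = Struct.new(:id, :name, :user_id) # user_id plays the foreign-key column
class NotFound < StandardError; end

# In-memory table of child rows.
class ChildStore
  def initialize
    @rows = []
  end

  def insert(name, user_id)
    row = Child.new(@rows.size + 1, name, user_id)
    @rows << row
    row
  end

  # Stand-in for the has_many side: only rows whose foreign key matches the user.
  def owned_by(user)
    @rows.select { |row| row.user_id == user.id }
  end
end

# Mirrors the child controller: every action starts from the signed-in user.
class ChildrenPages
  def initialize(store, current_user)
    raise ArgumentError, "sign-in required" if current_user.nil? # authenticate_user! analogue
    @store = store
    @current_user = current_user
  end

  def index
    @store.owned_by(@current_user)
  end

  # The owner is taken from the session; an owner id in the submitted params is ignored.
  def create(params)
    @store.insert(params.fetch(:name), @current_user.id)
  end

  # By-id lookup through the owner's scope: another user's row looks like a missing row.
  def show(id)
    index.find { |row| row.id == id } || raise(NotFound, "no child with id #{id}")
  end
end
```

Looking up a record by id without going through the owner's scope would return any user's row to any signed-in user, which is why show reuses index here.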
test/fixtures/users.yml to have two User records. Include only their email attributes. Give special attention to the fact that the default User fixtures are broken and why.
User to add association links. belongs_to declaration and not the name of the foreign key column.
test/models/user_test.rb to add a unit test for a User object that should be valid.
rails test) and fix issues as necessary. belongs_to declaration and not the name of the foreign key column.