[Master Class] [Designer and Developer Workflow] [Assigning Users to Jobs]
0:00
[Jim Hoskins] Now we have some authorization in place that
0:05
allows us to protect certain pages from
0:08
people who are not logged in.
0:11
This edit page here we're unable to get to,
0:13
and there's an error message displaying for us
0:16
when we try to access it.
0:19
If I were to click on "New Job," again, we must be logged in.
0:22
I'm going to sign in, and now I should be able to click "New Job,"
0:25
and we can see the New Job form.
0:29
Now, right now, only 1 of our jobs has a
0:32
user associated with it, and that's because we put a lot of this data in
0:36
before we really had the idea of a user being associated with a job.
0:39
In our actual application, we want all of our jobs to be
0:45
associated with users.
0:48
What we need to do is either delete
0:50
all these invalid jobs or update them so they have a user.
0:52
What I'm going to do is go in the console and
0:56
update it so all the jobs have a user associated with them.
0:58
So, to do this, I'm going to open up the console,
1:02
and we'll just say all of the jobs have the same user.
1:05
I'll open up our rails console here.
1:09
And let me just check for a user ID.
1:12
I'm going to grab the first user
1:15
and grab its ID.
1:18
And the user ID is 1,
1:21
so now what we can do is update all the jobs so their user ID is 1.
1:23
And to do that, we'll just do "Job.update_all,"
1:27
and we'll say "user_id" is 1.
1:32
If we're going to take a look at, say, Job.last.id,
1:39
or rather, Job.last.user_id,
1:43
we can see that the user ID is 1.
1:47
Let's take a look in the web browser
1:49
and see if we refresh, all of our jobs now should be
1:52
associated with my user.
1:55
All right, that looks good.
1:57
What I'm going to do is create another user so we can just
1:59
test this out a little bit, so I'm going to sign out,
2:01
and I'm going to register as Nick.
2:04
We have a new user.
2:09
We are signed in.
2:11
And we're still having a little bit of navigation problems here, but we'll fix that soon.
2:14
But we can see we're now logged in as Nick.
2:17
We want to make sure the current user is associated with that new job,
2:20
so let's check out our jobs controller.
2:24
And there are a couple of different ways we could go about this.
2:26
We could try to add it to the parameters in the form
2:29
that they're going to submit from new,
2:32
but we don't really need to worry about that.
2:35
We're going to let them submit without information, and on the step
2:37
where we actually create it, that point is when we can be sure
2:39
who is actually making the request, and we can make sure we put
2:43
the correct user in the new job.
2:46
So, a very, very simple way we can do this
2:50
is to simply say "job.user = current_user."
2:52
And remember that current user returns the user instance
3:02
of the person who's logged in, and in order for a create
3:06
to even be running, current user has to be true,
3:08
otherwise the before filter that we wrote would have rejected it
3:11
and not allowed this to execute.
3:14
Now, we do it at this stage here just to make sure
3:16
that they're not passing in a user ID as part of the params
3:18
trying to override anything or manually overriding the user
3:22
after any untrusted input has been put into Job.new.
3:26
There are a couple other security considerations that we'll explore
3:30
a little bit later, but for right now, we just want to make sure that the
3:33
user is associated with the current user any time we do this.
3:36
We've created a new job based on the form.
3:40
We forced user to be the current user no matter what.
3:43
And now we'll save it, and this should be enough.
3:46
Let's check it out.
3:49
Now that I'm signed in as Nick, I'll create a new job.
3:51
Let's say "Hammock Comfort Specialist."
3:53
And this will be for "Hammocks, Hammocks, Hammocks."
4:02
"Test the comfort of our new hammocks."
4:06
And I'll leave the details link out there.
4:13
So, hopefully, when we save this,
4:16
we've created a new job, and automatically,
4:18
Nick Pettit is associated with this new job.
4:22
So, we can go back.
4:26
We see we have the new job here by Nick.
4:28
We have other jobs by Jim, so it looks like we are now
4:31
associating our new jobs with the person who created them.
4:35
The next step is to restrict access for editing and deleting
4:39
to the person who created it.
4:42