[Master Class] [Designer and Developer Workflow] [Assigning Users to Jobs]
0:00
[Jim Hoskins] Now we have some authorization in place that
0:05
allows us to protect certain pages from
0:08
people who are not logged in.
0:11
This edit page here we're unable to get to,
0:13
and there's an error message displaying for us
0:16
when we try to access it.
0:19
If I were to click on "New Job," again, we must be logged in.
0:22
I'm going to sign in, and now I should be able to click "New Job,"
0:25
and we can see the New Job form.
0:29
Now, right now, only 1 of our jobs has a
0:32
user associated with it, and that's because we put a lot of this data in
0:36
before we really had the idea of a user being associated with a job.
0:39
In our actual application, we want all of our jobs to be
0:45
associated with users.
0:48
What we need to do is either delete
0:50
all these invalid jobs or update them so they have a user.
0:52
What I'm going to do is go in the console and
0:56
update it so all the jobs have a user associated with them.
0:58
So, to do this, I'm going to open up the console,
1:02
and we'll just say all of the jobs have the same user.
1:05
I'll open up our rails console here.
1:09
And let me just check for a user ID.
1:12
I'm going to grab the first user
1:15
and grab its ID.
1:18
And the user ID is 1,
1:21
so now what we can do is update all the jobs so their user ID is 1.
1:23
And to do that, we'll just do "Job.update_all,"
1:27
and we'll say "user_id" is 1.
1:32
If we're going to take a look at, say, Job.last.id,
1:39
or rather, Job.last.user_id,
1:43
we can see that the user ID is 1.
1:47
Let's take a look in the web browser
1:49
and see if we refresh, all of our jobs now should be
1:52
associated with my user.
1:55
All right, that looks good.
1:57
What I'm going to do is create another user so we can just
1:59
test this out a little bit, so I'm going to sign out,
2:01
and I'm going to register as Nick.
2:04
We have a new user.
2:09
We are signed in.
2:11
And we're still having a little bit of navigation problems here, but we'll fix that soon.
2:14
But we can see we're now logged in as Nick.
2:17
We want to make sure the current user is associated with that new job,
2:20
so let's check out our jobs controller.
2:24
And there are a couple of different ways we could go about this.
2:26
We could try to add it to the parameters in the form
2:29
that they're going to submit from new,
2:32
but we don't really need to worry about that.
2:35
We're going to let them submit without information, and on the step
2:37
where we actually create it, that point is when we can be sure
2:39
who is actually making the request, and we can make sure we put
2:43
the correct user in the new job.
2:46
So, a very, very simple way we can do this
2:50
is to simply say "job.user = current_user."
2:52
And remember that current user returns the user instance
3:02
of the person who's logged in, and in order for a create
3:06
to even be running, current user has to be true,
3:08
otherwise the before filter that we wrote would have rejected it
3:11
and not allowed this to execute.
3:14
Now, we do it at this stage here just to make sure
3:16
that they're not passing in a user ID as part of the params
3:18
trying to override anything or manually overriding the user
3:22
after any untrusted input has been put into Job.new.
3:26
There are a couple other security considerations that we'll explore
3:30
a little bit later, but for right now, we just want to make sure that the
3:33
user is associated with the current user any time we do this.
3:36
We've created a new job based on the form.
3:40
We forced user to be the current user no matter what.
3:43
And now we'll save it, and this should be enough.
3:46
Let's check it out.
3:49
Now that I'm signed in as Nick, I'll create a new job.
3:51
Let's say "Hammock Comfort Specialist."
3:53
And this will be for "Hammocks, Hammocks, Hammocks."
4:02
"Test the comfort of our new hammocks."
4:06
And I'll leave the details link out there.
4:13
So, hopefully, when we save this,
4:16
we've created a new job, and automatically,
4:18
Nick Pettit is associated with this new job.
4:22
So, we can go back.
4:26
We see we have the new job here by Nick.
4:28
We have other jobs by Jim, so it looks like we are now
4:31
associating our new jobs with the person who created them.
4:35
The next step is to restrict access for editing and deleting
4:39
to the person who created it.
4:42