ruby-on-railsdevisesqlite3-ruby

Rails App Display Button/Link Depending on Users["rank"]


Okay so the goal of this question is for me to figure out how I can display components on a view depending on the Users attributes stored in my database. I'm new to rails so figuring out how to work with data will help me better grasp the framework.

NOTE: I'm using Devise for user auth and SQlite3 for my database.

Here's the example that I'm trying to figure out: I have a table "Users" that contains each users info including an element "rank". Depending on the users rank (if rank >= 2) I would like to display a button for the user to go to a new view. Once on that view I would like to verify the users rank again (for security purposes).

Please let me know if you would like me to edit/add anything to my question to better help you in determining a solution. Thank you all ahead of time!



Schema.rb

ActiveRecord::Schema.define(version: 2020_01_04_235503) do

  create_table "users", force: :cascade do |t|
    t.string "email", default: "", null: false
    t.string "encrypted_password", default: "", null: false
    t.string "reset_password_token"
    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.string "confirmation_token"
    t.datetime "confirmed_at"
    t.datetime "confirmation_sent_at"
    t.datetime "created_at", precision: 6, null: false
    t.datetime "updated_at", precision: 6, null: false
    t.string "userid"
    t.string "companyid"
    t.string "properties"
    t.string "rank"
    t.string "firstname"
    t.string "lastname"
    t.string "username"
    t.index ["confirmation_token"], name: "index_users_on_confirmation_token", unique: true
    t.index ["email"], name: "index_users_on_email", unique: true
    t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
    t.index ["username"], name: "index_users_on_username", unique: true
  end

end



dashboard#index

<!DOCTYPE html>
<html>
  <head>
    <title>Berwald | Dashboard</title>
    <%= csrf_meta_tags %>
    <%= csp_meta_tag %>

    <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %>
    <%= javascript_pack_tag 'application', 'data-turbolinks-track': 'reload' %>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">

  </head>

  <body>

    <nav class="navbar navbar-dark bg-dark">
      <div class="navbar-nav mr-auto">
        <img src="https://berwald.s3.us-east-2.amazonaws.com/images/berwald_logo.png" class="nav-logo">
      </div>
      <li class="nav-item dropdown">
        <a class="nav-link dropdown-toggle nav-dropdown" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
          Account
        </a>
        <div class="dropdown-menu" aria-labelledby="navbarDropdown">
          <a class="dropdown-item nav-dropdown-button" href="">Settings</a>
          <div class="dropdown-divider"></div>
          <a class="dropdown-item"><%= link_to 'Sign out', destroy_user_session_path, :method => :delete, class: "nav-dropdown-button" %></a>
        </div>
      </li>
    </nav>

    <div class="card" style="width: 18rem;">
      <img src="..." class="card-img-top" alt="...">
      <div class="card-body">
        <h5 class="card-title">Create New Property</h5>
        <p class="card-text">Some quick example text to build on the card title and make up the bulk of the card's content.</p>
        <a href="#" class="btn btn-primary">Add</a>
      </div>
    </div>

    <div class="card" style="width: 18rem;">
      <img src="..." class="card-img-top" alt="...">
      <div class="card-body">
        <h5 class="card-title">Manage Users</h5>
        <p class="card-text">Some quick example text to build on the card title and make up the bulk of the card's content.</p>
        <a href="#" class="btn btn-primary">Go</a>
      </div>
    </div>


    <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
  </body>
</html>

Solution

  • Assuming you're using ERB, the code to enable or disable a link by user would be...

    <% if current_user.rank >= 2 %>
      <%= link_to customers_path %>
    <% end %>
    

    In the CustomersController you could do

    class CustomersController < ApplicationController
    
      before_action :check_user_rank, only: :index
    
      def index
        # show index of customers
      end
    
      private
    
      def check_user_rank
        if current_user.rank < 2
          flash[:error] = 'You are not allowed to do this action'
          redirect_back(fallback: root_path)
        end
      end
    
    end