4. Creating the pages for the aims - verachell/Simple-rails-tryout-app-using-devise GitHub Wiki
Made a new page in app/views/homepages called dashboard.html.erb:
<p class="notice"><%= notice %></p>
<p class="alert"><%= alert %></p>
<h1>User dashboard</h1>
<p>Only logged in users can see this content</p>
<h2>Welcome <%= current_user.email %></h2>
<%= button_to "Sign out", destroy_user_session_path, method: :delete %>
<h3>Your dashboard info</h3>
<p>Whatever info should be in the dashboard</p>
According to our aims, this page's URL is allowed to be widely known by search engines or others, but we need to authenticate before it displays. To do this, in app/controllers/homepages_controller.rb put:
class HomepagesController < ApplicationController
  # Devise helper: only the dashboard action requires a signed-in user
  before_action :authenticate_user!, only: [:dashboard]

  def index
  end

  # Rails would render dashboard.html.erb implicitly even without this method,
  # but declaring the action makes the filter's target explicit
  def dashboard
  end
end
In config/routes.rb put:
get 'mydashboard', to: 'homepages#dashboard'
This way, only the dashboard page (in this case localhost:3000/mydashboard) will require authentication to view, but not the homepage or other pages on the same controller. This aim is now done.
NOTE TO SELF: probably don't want to have too many different pages here under HomepagesController since we could wind up with the problem of not being able to write the filters correctly
The next aim is a page that returns a 404 if the person isn't logged in, but displays fine to someone who is logged in. Create a new controller for this:
bin/rails generate controller Secretpages index --skip-routes
In config/routes.rb put:
get 'nothing-to-see-here', to: 'secretpages#index'
In app/controllers/secretpages_controller.rb put:
class SecretpagesController < ApplicationController
  before_action :ifnotauth404

  def index
  end

  private

  # Serve the real 404 page with a 404 status when nobody is signed in.
  # A redirect_to "/404.html" would answer 302 and then serve the static file
  # with 200, so the status codes alone would reveal that the URL exists.
  def ifnotauth404
    unless user_signed_in?
      render file: Rails.public_path.join("404.html"), status: :not_found, layout: false
    end
  end
end
If desired, change the content of app/views/secretpages/index.html.erb. I put:
<h1>Privileged information</h1>
<p>This section should only be visible to a logged-in user, others should get a 404</p>
<ul><li>unmasked minutiae</li>
<li>revealed information</li>
<li>disclosed material</li></ul>
<%= button_to "Sign out", destroy_user_session_path, method: :delete %>
Test that this works: localhost:3000/nothing-to-see-here will display content if you are logged in, but will return a 404 if logged out.
The third aim is a page anyone can access, but which displays additional content for authenticated users. Set up a new controller for this:
bin/rails generate controller Mixedpages index --skip-routes
In config/routes.rb put:
get 'mixed-content', to: 'mixedpages#index'
I'm going to put as much of the logic as possible in the controller here. In app/controllers/mixedpages_controller.rb:
class MixedpagesController < ApplicationController
  def index
    if user_signed_in?
      infostr = '<div><h2>Extra information for logged in users</h2><ul><li>a</li><li>b</li><li>c</li></ul></div>'
      # in reality the info above should ideally come out of the database and not be just
      # sitting here in plain text in the controllers
    else
      infostr = ""
    end
    render "index", locals: { privinfo: infostr }
  end
end
The view is in app/views/mixedpages/index.html.erb:
<h1>Information</h1>
<p>Here is some general information for everyone</p>
<%= render inline: privinfo %>
View the page at localhost:3000/mixed-content and check that the content is different for a logged in and logged out user.
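As an added example (not from this wiki or the app), a plain-Ruby sketch of why `render inline: privinfo` must never receive text that might one day come out of the database: Rails compiles the inline string as an ERB template, so any template tags inside that text are executed. The safer shape keeps the template fixed and passes the privileged block in as an escaped local; the names `MIXED_VIEW`, `render_inline` and `render_with_locals` are my own stand-ins for the view and the two rendering approaches.

```ruby
require "erb"
require "cgi"

# Constructed stand-in for app/views/mixedpages/index.html.erb: the template is
# fixed and the privileged block arrives as the local `privinfo_html`.
MIXED_VIEW = <<~TEMPLATE
  <h1>Information</h1>
  <p>Here is some general information for everyone</p>
  <%= privinfo_html %>
TEMPLATE

# What `<%= render inline: privinfo %>` does under the hood: the data string
# itself is compiled and run as an ERB template, so any <%= %> tag inside it
# is evaluated as Ruby.
def render_inline(privinfo)
  ERB.new(privinfo).result(binding)
end

# Safer shape: build the privileged block from HTML-escaped strings and hand it
# to the fixed template as a local. Text that came from the database is only
# ever output, never compiled, so it cannot carry template code.
def render_with_locals(signed_in, extra_items)
  privinfo_html =
    if signed_in
      lis = extra_items.map { |item| "<li>#{CGI.escapeHTML(item)}</li>" }.join
      "<div><h2>Extra information for logged in users</h2><ul>#{lis}</ul></div>"
    else
      ""
    end
  ERB.new(MIXED_VIEW).result(binding)
end

if __FILE__ == $PROGRAM_NAME
  # constructed sample items, including one that looks like a template tag
  puts render_with_locals(true, ["a", "b", "<%= 2 + 2 %>"])
  puts render_with_locals(false, ["a"])
end
```

In the Rails app the equivalent of `render_with_locals` is a partial that receives the items as locals, since ERB views escape `<%= %>` output automatically.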