In these projects, you’ll be working to implement authentication systems so users can only access areas of a site they are authorized to.
In this project, you’ll be building an exclusive clubhouse where your members can write anonymous posts. Inside the clubhouse, members can see who the author of a post is but, outside, they can only see the story and wonder who wrote it.
If you want to add your own stylistic flourishes, consider it extra credit.
The projects will be less and less explicit about how to achieve their goals, since we expect you to build on your previous knowledge. If you don’t know how to do something, feel free to check back in previous lessons or projects or Google the correct way to implement it (though be careful, because that may take you deeper down the road than we intended).
If you’d like to challenge yourself, don’t even follow the steps below, just go ahead and build the app!
- Think about and spec out how to set up your data models for this application. You’ll need users with the usual simple identification attributes like name, email and password. They’ll need to create posts as well.
- Create your new members-only Rails app and GitHub repo. Update your README.
- Add Devise to your Gemfile and install it in your app using the setup instructions in the Devise README.
Note: At the time of writing, Devise and Turbo Drive don’t play nicely together. When using Devise with Turbo Drive you have two options. You can generate the Devise views to your local app (covered in the Devise README) and then, for each view with a form, disable Turbo Drive by adding the data attribute. This is time-consuming but simple to follow. The other way is to create a custom controller to handle this and then use Devise for that. This GoRails episode covers how you’d do that. You might not understand everything being done, but it’s a quicker solution. Hopefully Devise will be Rails 7 Turbo compatible by the time you read this.
Authentication and Posts
Let’s build those secrets! We’ll need to make sure only signed in users can see the author of each post. We’re not going to worry about editing or deleting posts.
- Create a Post model and a Posts controller and a corresponding resource in your Routes file which allows the [:new, :create, :index] methods.
- Atop your Posts Controller, use a #before_action to restrict access to the #create methods to only users who are signed in.
- For your Posts Controller, prepare your
- Write a very simple form in the app/views/posts/new.html.erb view which will create a new Post.
- Make your corresponding #create action build a post where the foreign key for the author (e.g. user_id) is automatically populated based on whichever user is signed in. Redirect to the Index view if successful.
- Fill out the #index action of the PostsController and create the corresponding view. The view should show a list of every post.
- Now add logic in your Index view to display the author’s name, but only if a user is signed in.
- Sign in and create a few secret posts.
- Test it out – sign out and go to the index page. You should see a list of the posts but no author names. Sign in and the author names should appear. Your secrets are safe!
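The two access rules from the steps above, sketched in plain Ruby as an added example (not the project's solution and not Devise code). PostsSketch, NotSignedIn and the Struct models are hypothetical stand-ins for the controller, the signed-in check and the ActiveRecord models; the point is that the author comes from the signed-in user rather than from form input, and that the author name is left out of the page for signed-out visitors.

```ruby
require "erb"

# Constructed stand-ins for the Rails pieces so this runs without Rails or Devise.
User = Struct.new(:id, :name)
Post = Struct.new(:user, :title, :body)
class NotSignedIn < StandardError; end

class PostsSketch
  include ERB::Util # provides h() for HTML escaping inside the template

  # Plays the role of a strong-parameters permit list: user_id is not on it.
  PERMITTED = %w[title body].freeze

  INDEX_VIEW = ERB.new(<<~HTML, trim_mode: "-")
    <%- posts.each do |post| -%>
    <article>
      <h2><%= h(post.title) %></h2>
      <p><%= h(post.body) %></p>
      <%- if current_user -%>
      <small>by <%= h(post.user.name) %></small>
      <%- end -%>
    </article>
    <%- end -%>
  HTML

  attr_reader :posts

  def initialize
    @posts = []
  end

  # Stands in for the before_action plus #create: no signed-in user, no post.
  def create(current_user, params)
    raise NotSignedIn, "sign in to post" if current_user.nil?

    attrs = params.slice(*PERMITTED) # a forged "user_id" field is dropped here
    post = Post.new(current_user, attrs["title"], attrs["body"])
    @posts << post
    post
  end

  # Stands in for #index: the author line is never rendered for anonymous
  # visitors, so it is absent from the HTML rather than hidden in the browser.
  def index(current_user)
    INDEX_VIEW.result(binding)
  end
end
```

In the real app the same two decisions live in the controller's #create action and in the index view's signed-in check.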
This section contains helpful links to other content. It isn’t required, so consider it supplemental.
- Railscasts #250 Authentication from Scratch
- Railscasts #274 Remember Me & Reset Password
- Watch A Twitter Clone Lets Build with Ruby on Rails Part 1 and A Twitter Clone Lets Build with Ruby on Rails Part 2. If you still need more inspiration for this project or want more insight, then the rest of this tutorial series is a good resource.