I have problems with devise, it works well to sign up, login etc but the the before_action :authenticate_worker! doesn't work.
When i'm on http://localhost:3000/workers/1/edit, i can change the id in the address and have access to the edit page of all workers...
Here is my workers controller:
class WorkersController < ApplicationController
skip_before_action :authenticate_user!, only: [:edit, :update]
before_action :authenticate_worker!, only: [:edit, :update]
before_action :set_worker, only: [:edit, :update]
def edit
@worker = Worker.find(params[:id])
end
def update
@worker = Worker.find(params[:id])
@worker.update(worker_params)
redirect_to worker_path(@worker)
end
private
def worker_params
params.require(:worker).permit(:first_name, :last_name, :phone_number, :email, :address, :construction, :renovation, :entretien, :charpente, :couverture, :ouverture, :terrasse, :plomberie, :maison, :chateau, :immeuble, :monument_historique, :message)
end
def set_worker
@worker = Worker.find(params[:id])
end
end
Here is my users controller:
class UsersController < ApplicationController
skip_before_action :authenticate_user!, only: [:index, :show]
skip_before_action :authenticate_worker!
before_action :set_user, only: [:show, :edit, :update]
def index
@radius_users = []
@client = Client.new
@users = User.all
@users = User.where.not(latitude: nil, longitude: nil)
@hash = Gmaps4rails.build_markers(@users) do |user, marker|
marker.lat user.latitude
marker.lng user.longitude
end
end
def show
@client = Client.new
@projects = Project.where(user_id: @user)
end
private
def user_params
params.require(:user).permit(:company, :first_name, :last_name, :position, :mobile_phone, :office_phone, :email, :address, :description, :radius, :photo_company_logo, :photo_presentation, :construction, :renovation, :entretien, :charpente, :couverture, :ouverture, :terrasse, :plomberie, :maison, :chateau, :immeuble, :monument_historique)
end
def set_user
@user = User.find(params[:id])
end
end
Here is my workers model:
class Worker < ApplicationRecord
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
end
Here is my user model:
class User < ApplicationRecord
has_attachment :photo_presentation
has_attachment :photo_company_logo
has_many :projects, dependent: :destroy
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
#geocoder for google maps
geocoded_by :address
after_validation :geocode, if: :address_changed?
validates :email, uniqueness: true, presence: true
validates :company, presence: true, uniqueness: true
validates :first_name, presence: true
validates :last_name, presence: true
validates :office_phone, presence: true, uniqueness: true
validates :mobile_phone, presence: true, uniqueness: true
validates :address, presence: true
validates :description, presence: true, length: { minimum: 300, maximum: 900 }
validates :radius, presence: true, numericality: { only_integer: true, greater_than_or_equal_to: 50 }
validates :city, presence: true
validates :zip_code, presence: true
end
And here are routes:
Rails.application.routes.draw do
mount Attachinary::Engine => "/attachinary"
ActiveAdmin.routes(self)
devise_for :workers
devise_for :users
root to: 'pages#home'
resources :users
resources :projects
resources :clients, only: [:new, :create, :show, :edit, :update]
resources :articles, only: [:index, :new, :create, :show]
resources :workers, only: [:edit, :update]
end
Thanks guys!!!