search

ga-wdi-boston / capstone-project

Other
3 stars 29 forks source link

Unable to display resources belonging to a user #861

Closed 3point14guy closed 6 years ago

3point14guy commented 6 years ago

I am having an issue where all records created in a join table can be accessed by any user.

I have tried many different approaches to fix this from changing the controller on the back end to, attempting to select the user and requiring authentication on the front end to, using {{#if}} and {{#unless}} in handlebars.

Here is what I currently have:

const requestGarden = function (data) {
  console.log('requestGarden in api')
  return $.ajax({
    url: config.apiOrigin + '/gardens',
    method: 'GET',
    headers: {
      Authorization: 'Token token=' + store.user.token
    }
  })
}
const getGarden = function (data) {
  console.log('getGarden in events')
  api.requestGarden(data)
    .then(ui.getGardenSuccess)
    .then(function (data) {
      $('.delete-veggie-button').on('click', deleteVegetable)
      $('.update-comments-button').on('click', updateComments)
    })
    .catch(ui.getGardenFailure)
}
const getGardenSuccess = function (data) {
  console.log('data.gardens is ', data.gardens)
  const displayGardenHTML = displayGardenTemplate({ gardens: data.gardens })
  $('.your-list').empty()
  $('.your-list').append(displayGardenHTML)
  $('.your-list').show()
}
  {{#each gardens as |garden|}}
    {{#if this.user}}
      <li><h3>{{garden.vegetable.name}}</h3></li>
      <li><img class="thumbnail" src={{garden.vegetable.image}}></li>
      <br/>
      <li><textarea rows="4" cols="20">{{garden.vegetable.comments}}</textarea></li>
      <br/>
      <li><button data-id="{{garden.id}}" class="update-comments-button dropbtn"> Edit Comments </button></li>
      <li><button data-id="{{garden.id}}" class="delete-veggie-button dropbtn"> Delete </button></li>
    {{/if}}
{{/each}}
jordanallain commented 6 years ago

wait what is the problem? you want every user to be able to see all resources? just having trouble understanding what the issue is here.

3point14guy commented 6 years ago

Sorry, a user should only be able to see the resources that belong to them. The way that it is displaying now, that is not the case; they can see all of them, created by any user.

jordanallain commented 6 years ago

is the controller inheriting from open read or protected?

3point14guy commented 6 years ago

open read. when I do protected, nothing shows

jordanallain commented 6 years ago

what does the index action look like?

3point14guy commented 6 years ago 
const requestGarden = function (data) {
  console.log('requestGarden in api')
  return $.ajax({
    url: config.apiOrigin + '/gardens',
    method: 'GET',
    headers: {
      Authorization: 'Token token=' + store.user.token
    }
  })
}
jordanallain commented 6 years ago

the index action in your controller.

3point14guy commented 6 years ago 
def index
    @gardens = Garden.all

    render json: @gardens
  end

DUNT, DUNT, DUNNNN!

Set is up like below and now it is working! THANK YOU, JORDAN!!

@gardens = current_user.gardens.all