Closed 3point14guy closed 6 years ago
wait what is the problem? you want every user to be able to see all resources? just having trouble understanding what the issue is here.
Sorry, a user should only be able to see the resources that belong to them. The way that it is displaying now, that is not the case; they can see all of them, created by any user.
is the controller inheriting from open read or protected?
open read. when I do protected, nothing shows
what does the index action look like?
const requestGarden = function (data) {
console.log('requestGarden in api')
return $.ajax({
url: config.apiOrigin + '/gardens',
method: 'GET',
headers: {
Authorization: 'Token token=' + store.user.token
}
})
}
the index action in your controller.
def index
@gardens = Garden.all
render json: @gardens
end
DUNT, DUNT, DUNNNN!
Set is up like below and now it is working! THANK YOU, JORDAN!!
@gardens = current_user.gardens.all
I am having an issue where all records created in a join table can be accessed by any user.
I have tried many different approaches to fix this from changing the controller on the back end to, attempting to select the user and requiring authentication on the front end to, using {{#if}} and {{#unless}} in handlebars.
Here is what I currently have: