This rails app is a one model app that has a single Song
model. A song has a title.
Your job is to implement best security practices for this app:
User login and authorization with devise.
We will follow instuctions from the devise website: https://github.com/plataformatec/devise
Add the gem devise to the Gemfile
gem 'devise'
Install it
bundle install
Run the gem's script files so it can generate the default files in the rails app
rails generate devise:install
Create the devise user model:
rails generate devise user
Link User to a new foreign key column in songs:
rails g migration AddUserToSongs user:references
rails db:migrate
Generate the default devise view files:
rails g devise:views
Devise might ask you to copy the secret devise key into the initializer file: config/initializers/devise.rb
Add a before action filter to the controller:
before_action :authenticate_user!, :except => [ :show, :index ]
Restrict the new link in the songs index with the devise helper
<% if user_signed_in? %>
<%= link_to 'New Song', new_song_path %>
<% end %>
Make a breakpoint (byebug) in the index
song controller method.
Inside the console see the value of current_user
current_user.id
See the current value of user_session
user_session
Set something in the user session
user_session[:song_cart] = "Single Ladies"
Use c
to continue out of the breakpoint.
Make another request.
See the value of user_session
has been retained.