0

I'm building a simple blog app using Rails 4 (api) & Angularjs to help with learning Angularjs. I've already spent 2 days just getting my post model to communicate with Angularjs. It seems I've hit another wall trying to associate the posts with a user (using Devise).

I know that as I build on to this app, that I'll be using foreign keys & so I would love to hear from others who have built SPAs using rails & angularjs. I also tried to set Angularjs up to mimic Rails as close as possible.

How do you handle associations using Angularjs & Rails?

How do you even get Devise helpers, such as current_user & user_signed_in? to work in Angularjs templates?

Thank you in advance.

I can add more details if you need me to. I really just don't know where to go form here (I'm a newbie in both Rails & Angularjs)

Improve this question

2 Answers 2

Reset to default
1

How do you even get Devise helpers, such as current_user & user_signed_in? to work in Angularjs templates?

The simple answer is, you don't. There can be lots of philosophical debate on this subject, but essentially javascript is unsecure for this purpose because everything is available for a user to inspect in their browser.

If you want to associate a post with a user, you would be best to do so at the controller level in rails. Use current_user to set the user_id field on your Post (or whatever way you want to associate it).

I don't put any 'secure' functionality in my Angular apps.

Here's an example of how I do it in one of my apps where I associate the users organisation with a journey.

def create
    @journey = Journey.new(params[:journey])
    @journey.organisation = current_user.organisation
    if @journey.save
      render json: @journey
    else
      head :error
    end
end

Oh, also in your Api::PostsController you need to call before_filter :authenticate_user! to be able to use current_user

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Hi @muttonlamb. This works great (and I'm probably going to stick with this method) but I'm curious as to what others have to say so I think I'm going to wait a little while longer before mark this answer... Quick question: How would you handle conditional statements? (such as displaying an edit link if the current_user's id matches the post.user_id? Thanks
You can set a flag on your controller by comparing user id and post id, but you'd still need to validate it in your controller e.g. if current_user.id == post.id [some code to save] else [redirect or flash or error] end. So basically you just don't display the option in the angular view, but if some malicious user sends a correctly formed put request then it would still be rejected by the controller. Hope that helps!
0

These two repositories are a great example for this:

a RESTful Rails api

This repository contains a complete RESTful rails-api along with a clean documentation which walks developers through all construction steps. If you wish to start with ruby on rails, this repository is a great resource for you.

AngularJS front-end for the above api

This repository contains a complete RESTful AngularJs web application along with a clean documentation which walks developers through all construction steps. If you wish to start with AngularJs this repository is a great resource for you.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.