Accessing one controller variable in another controller in Rails

Question

I have a C programming background and I am learning Ruby/Rails for a side project. Currently I am struggling to understand how the scoping of variables works. Here is an example of a problem I am hitting. I have a User and a Product model. In the Product DB I store different products and one of the fields is a userid field that matches the userid stored in the User table. After the user logs in - I display the user's name, email etc (this is stored in @current_user) and then have a link to show different products owned by the user. I do this via the following code in users/show.html.erb like this: ...

Name: <%= @current_user.name %>

... <%= link_to "Products", products_path, id: "products" %>

So far so good. When I click the "Products" link it takes me to products/index.html.erb and the following code gets executed (I want to filter this display to show only products owned by @current_user.userid. How do I do this? The following code gives me a runtime error as @current_user evaluates to nil I believe. If I remove the "if" clause then all products ar displayed which is not what I want. Would be grateful for any tips.

<tbody>
<% @products.each do |product| %>
  <tr>
    <td><%= product.userid if product.userid == @current_user.userid %></td>
    <td><%= product.productName if product.userid == @current_user.userid %></td>
    <td><%= product.productLink if product.userid == @current_user.userid %></td>

Thanks,

Answer 1

I was going to make this a comment, but I think it is worthy of an answer. The thing to understand about not just rails, but the entire internets, is that HTTP is stateless. This means that in your controller you grab the user's information, build them a webpage with all of their stuff from the database, and send it out to them. Then they do something on the page and send a request in for another page or more data, and your rails app is like "Oh hai! Who are you?" Because all those variables that you filled up with nice information are just gone. Every time your app receives a request, it makes a brand new instance of the controller it is using, and then gets rid of it afterwards, along with everything inside it. And this is important, because there might be thousands, or millions of people currently logged into your ultimate frisbee league website trying to figure out who is playing where on Saturday. And you want to give the right info to the right person, you can't assume that the person you last sent information to is the same person asking you for new info now.

So we need to use the session, some information that gets passed to the client browser every time you send out a page, and the browser sends it back to you with every request. You put enough info in the session so that you can use it to rebuild what you need from the server when you get a response. I'm going to make this real simple and then refer you to the Rails Security Guide where you can get some more important information. Actually, I'll just use their example:

You can add the user id to the session this way:

session[:user_id] = @current_user.id

And then get it back this way:

@current_user = User.find(session[:user_id])

And then you use your user model (in this case) to get the specific info you need from the database. Here's another link to the Rails guides because it's so nice, I'm linking it twice: http://guides.rubyonrails.org/security.html#what-are-sessions-questionmark

If you are doing something that requires a password you can use a gem like devise, instructions here, but be warned, it totally hijacks your user model, your sessions controller, some views, basically all things related to logging in and identity. It isn't easy to customize, but it makes all this stuff and things much more complicated very simple to implement. If you don't need any usernames or passwords and you are doing something real simple just skip the special gems and use the session yourself.