Using Devise to create private profiles

I am currently trying to create private user profiles using the Devise gem. So far I have the sign up, login, sign out and edit profile functionality working. The problem is that when 开发者_如何转开发a user signs in he is able to see all other users by typing into the url users/[username]. I am relatively new to rails so I am still figuring out how to work with sessions.

So the quesiton is how do I limit a user's access to parts of a site that are specific to other users? And even better, is this easily done with the Devise gem?

In other words if i sign is as user john. I should be able to see the site /users/john (which is my profile) but not see the site /user/greg.

thanks

Devise will not do this, but CanCan will, as someone mentioned. CanCan may be a little heavy for a beginner just to do what you are trying to do. All you need to do is add a before_filter that checks who the user is.

For example:

class UserProfilesController < ApplicationController

  before_filter :verify_owner

  def show
    @user_profile = current_user.user_profile
    # or maybe this way, not sure how you have your relations set up
    # @user_profile = UserProfile.where(:user => current_user)
  end

private

  def verify_owner
    # assume the route looks like this  /user/:username
    redirect_to root_url unless current_user.username == params[:username]
  end    

end

Use CanCan to help for authorization. Devise + CanCan nothing else!

There is a great RailsCast on CanCan to get started with.