High Leverage Rails
Introduction
Introduction to this course
Why use Ruby on Rails
Why use SQLite
Ruby on Rails + SQLite
Powering Your App with SQLite
Creating tables
Timestamps
Column types
Typeof
Ruby types
Creating table introduction
Creating table advanced
Inserting data
Updating data
Upserting data
Reading data
Virtual columns
Enums
Introduction to JSON
Indexing JSON
JSON table functions
Building a Modern Rails Application
Creating a new Rails application
Installing Solid Queue
Installing Solid Cache
Installing Solid Cable
Dockerfile
Application overview
Authentication
Base styles
Registration
Scaffolding posts
Polishing posts
Scaffolding comments
Polishing comments
Polishing models
Polishing controllers
Creating new post
Updating post
Reviewing MVP
Tagging posts
Custom tags
Friendly URLs
Full text search
Deploying & Operating Your App
Backups
Check Litestream locally
Verifying backups
Deployment options
Deploying with Hatchbox
Deployment constraints
Vertical scaling
Database access
Migrations
Locked video

Please purchase the course to watch this video.

Video thumbnail
Building a Modern Rails Application
Scaffolding posts

Full Course

$
129
USD
plus local taxes
Hatchbox.ioHatchbox.io

Rails hosting made simple

Deploy apps to servers that you own and control.

HoneybadgerHoneybadger

Move fast and fix things

Application monitoring that helps developers get it done.

Summary

Learn how to implement post creation in a Rails application using scaffolding. In this video, I set up user-submitted posts with automatic user association, ensuring secure data handling. Next, we’ll enhance security by restricting post creation to authenticated users while keeping posts publicly accessible.

Video Transcript

Now that our users can sign up and sign in to our application, we can turn our focus to the core of Lorem News—posts. To do this, we'll use Rails scaffolding to generate a Post resource.

Generating the Post Resource

Let's switch back to our command line and run the following command:

bin/rails generate scaffold Post 'user:belongs_to' 'title:string!:uniq' 'body:text!'

Running this command creates:

  • A migration defining the database structure
  • A Post model that belongs to a user
  • A controller with RESTful actions (index, show, new, edit, create, update, destroy)
  • Views for each action
  • Tests for the post functionality

Reviewing the Migration and Model

Let's inspect the migration file to ensure everything looks correct. Everything is set up properly. The posts table:

  • User (foreign key) – Links the post to the user who created it.
  • Title (string, required, unique) – Ensures each post has a distinct title.
  • Body (text, required) – Prevents empty posts from being submitted.

Before continuing, let's commit our changes.

Testing the Scaffolded Features

Now, let's start our development server and see how it looks.

Navigating to /posts, we see no posts yet, but we can go to /posts/new to create one. However, the form currently asks for a user ID, which we need to remove and set automatically based on the logged-in user.

Automatically Assigning the Current User to Posts

To ensure new posts are linked to the signed-in user, we update our Post controller:

We remove the user ID field from the form and set the user in the post controller:

def new
    @post = Current.user.posts.new
end

def create
  @post = Current.user.posts.new(post_params)

  if @post.save
	redirect_to @post, notice: "Post was successfully created."
  else
	render :new, status: :unprocessable_entity
  end
end

...

def post_params
  params.expect(post: [ :title, :body])
end

Here’s what’s happening:

  • Current.user.posts.new automatically sets the post’s user ID.
  • User input is limited to only the title and body, preventing unauthorized access.
  • If the post saves successfully, the user is redirected to the post’s page.

Adding the Association in the User Model

To complete this, we need to define the relationship in our User model:

class User < ApplicationRecord
  has_many :posts, dependent: :destroy
end

Now, each user can have many posts, and when a user is deleted, their posts will be removed as well (dependent: :destroy).

Improving the Post Form

Next, we update the form view (_form.html.erb) to remove the user selection field:

<%= form_with(model: post) do |form| %>
  <div>
    <%= form.label :title %>
    <%= form.text_field :title %>
  </div>

  <div>
    <%= form.label :body %>
    <%= form.text_area :body %>
  </div>

  <div>
    <%= form.submit %>
  </div>
<% end %>

Now, users don’t need to select their own ID—it’s handled automatically!

Testing Post Creation

Navigating to /posts/new, we create a new post:

  • Title: "My New Post"
  • Body: "This is the body."

Submitting the form, we see:

  • The post was successfully created
  • The user ID was correctly assigned

We also made small UI improvements to flash messages, making them more noticeable when actions succeed or fail.

Next Steps: Enhancing Security and Access Control

While the post submission works, there are some security enhancements we need to make:

  • Only authenticated users should be able to submit posts
  • Unauthenticated users should still be able to view posts (like Hacker News)
  • Authorization rules should be added to prevent unauthorized actions

We'll tackle these improvements in the next video to ensure our Rails and SQLite app is both secure and efficient.