In migrating a rails application from 3.2 to 4.1, I am hitting some issues with user creation. As there is a need to distinguish the current_user form a local_user. The controller create action
def create
#local_user = User.new(user_params)
respond_to do |format|
if #local_user.save
if params[:user][:avatar].present?
format.html { render :crop }
else
format.html { redirect_to(admin_user_path(#local_user), :notice => 'User was successfully created.') }
end
else
format.html { render :action => "new" }
end
Generates a console error: Unpermitted parameters: name, surname, pen_name[...], yet the User controller defines them:
def user_params
params.require(:user).permit(:name, :surname, :pen_name, [...])
end
The form call is:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :method => :post, :validate => true) do |f| %>
This is necessarily a devise issue for a user can be created with the scaffolding for the User class with the exact same variables. There is some logic that devise is going through which does not pull all the controller logic ; what am I missing?
Needs a devise specific initializer, as per this demo, where all variables can be entered as an array.
Related
I have a Page Model that has a :name attribute. I have a specific route for the Page Model with the name "home", because I want this specific Page record to be found at the root_url. This works.. but because I'm hard coding the route... I only want users with the role "super_admin" to be able to change the :name attribute, on the Page model, where the name == "home". For example, users with the "admin" role should not be able to change the :name attribute on the "home" Page.
Can I get that fine grained with CanCan?
Should I put this logic in the PageControllers update action?
Should I set the "page#show" route differently (not hard code it)?
Not sure how to do any of these.
Thanks in advance for any advice!
ability.rb
elsif user.role == "admin"
can :manage, :all
cannot :update, Page, ["name == ?", "home"] do |page|
page.name == "home"
end
end
routes.rb (I'm using friendly_id to generate a slug from the :name attribute)
match '/:slug', :to => "pages#show", :as => :slug, :via => :get
root :to => 'pages', :controllers => "pages", :action => "show", :slug => "home"
pages_controller.rb (standard)
def update
#page = Page.find(params[:id])
respond_to do |format|
if #page.update_attributes(params[:page])
format.html { redirect_to #page, notice: 'Page was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: #page.errors, status: :unprocessable_entity }
end
end
end
I must admit, I've read your question three times, and I think I have answers for you...
1 - Yes, I believe so. However, I'm not convinced your ability.rb code is correct. I'd aim for something closer to this:
cannot :update, Page do |page|
page.name == "home"
end
2 - If you do load_and_authorize_resource in your controller, that should be all you need, because that will load #page for you.
class PagesController < ApplicationController
load_and_authorize_resource
def update
respond_to do |format|
if #page.update_attributes(params[:page])
format.html { redirect_to #page, notice: 'Page was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: #page.errors, status: :unprocessable_entity }
end
end
end
end
3 - To me, your route looks fine. That's likely the way I'd approach it.
I have a form that I want a user to put in their name and email, which get stored in a session. They can then post text in a chat box.
In my view, to create the initial session:
<%= simple_form_for(#comments, :url => guest_login_order_path(#order)) do |f| %>
<input name="comment[new_user_comment_name]" />
<input name="comment[new_user_comment_email]" />
<%= f.button :submit, :value => 'Guest Signin', :class => '' %>
<% end %>
This goes to my controller:
def guest_login
#order = Order.where(:public_hash => params[:public_hash]).first
session[:new_user_account] = params[:new_user]
respond_to do |format|
if session[:new_user_account]
format.html { redirect_to #order, notice: 'Your account has been created.' }
format.json { render json: #order, status: :created, location: #order }
else
format.html { render action: "invoice" }
format.json { render json: #order.errors, status: :unprocessable_entity }
end
end
end
The params get passed correctly but I'm not quite sure if the cookie is being created. Is there way to specify a name so I can see if it was created? Also in the view, would I have a conditional then to see if there is a session present?
Rails creates a session for you so you don't need to check if it's present. If you'd like to easily retrieve the user from the session you can create a helper method in your application controller:
class ApplicationController < ActionController::Base
def current_user
#current_user ||= session[:new_user_account]
end
helper_method :current_user
end
This method will be available to other controllers and views in your app.
I'm trying to include a login (username / password) in the header of my application.html.erb. I am getting this error:
Missing partial /login with {:handlers=>[:rjs, :builder, :rhtml, :erb, :rxml], :locale=>[:en, :en], :formats=>[:html]} in view paths "/app/views"
This is happening when I make this call in my application.html.erb:
<%= render '/login' %>
'/login' is defined in my routes.rb as:
match '/login' => "sessions#new", :as => "login"
UPDATE: here is my sessions controller:
class SessionsController < ApplicationController
def create
if user = User.authenticate(params[:email], params[:password])
session[:user_id] = user.id
user.last_login = Time.now
user.save
redirect_to root_path, :notice => "login successful"
else
flash.now[:alert] = "invalid login / password combination " # don't show pass + params[:password]
#render :action => "new"
redirect_to login_path, :notice => "wrong user pass"
end
end
def destroy
reset_session
redirect_to root_path, :notice => "successfully logged out"
end
end
I have seen in other posts that this can be due to not defining a variable in a controller action, but since this is a session, and it is in the application.html.erb (application_controller.rb), I'm not sure how to do this. Anybody know how to do this? Thanks!
<%= render "sessions/login", :#user => User.new %>
will render login partial of sessions view, i.e. '_login.html.erb' in views/sessions and instantiate #user to new user so that it can be referenced directly in the partial as :
form_for #user, :url => sessions_path do |f|
f.text_field :email
Check your file extension in my case file extension was rhtml, I changed it into html.erb.
Now its working fine.
Note:
This file with rhtml extension was working fine in rails <= 3.0.10. But stopped working in rails 3.1.12. So I changed its extension as mentioned above.
I am using devise in a rails 3 app. I am giving some users the ability to register other users. These registrations will simply add a new record with id and email to the users table. My routes contain the standard devise items.
In my invitations controller:
def new
#invitations = blah blah # creates a list of people already invited
#user = User.new # for the person begin invited
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => #invitations }
end
end
The view has a list of people already invited and then a form to add a new user. I am using the code from the devise registration form. Perhaps i don't need to do this? The following line in new.html.erb creates an error:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
The error:
undefined local variable or method `resource' for #<#<Class:0x103655be0>:0x1036537f0>
Thanks!
Did you inherit your registrations controller from Devise's registrations controller?
I got past this error with the following:
<% form_for :user, :url => create_invitation_invitations_path(#user) do |f| %>
We'll see if i run into other complications.
UPDATE: no complications.
Having some trouble with some nested resources routing. What I'm trying to do is link to a user's profile page for editing purposes. In my view it is written as:
<%= link_to "Edit Profile", edit_user_profile_path(current_user) %>
Which errors out with:
No route matches {:action=>"edit", :controller=>"profiles", :user_id=>#<User id: 1, email: "EDITEDOUT", hashed_password: "EDITEDOUT", created_at: "2011-01-20 18:30:44", updated_at: "2011-01-20 18:30:44">}
In my routes.rb file, it looks like so:
resources :users do
resources :profiles, :controller => "profiles"
end
I checked my Rake routes, and it gave me this as a valid option:
edit_user_profile GET /users/:user_id/profiles/:id/edit(.:format) {:action=>"edit", :controller=>"profiles"}
Which I am able to manually navigate to. For good measures, here's proof of my controller:
class ProfilesController < ApplicationController
def edit
#user = current_user
#profile = current_user.profile
end
def update
#user = current_user
#profile = current_user.profile
respond_to do |format|
if #profile.update_attributes(params[:profile])
format.html { redirect_to(orders_path, :notice => "Your profile has been updated.") }
format.xml { head :ok }
else
format.html { render :action => "edit" }
format.xml { render :xml => #profile.errors, :status => :unprocessable_entity }
end
end
end
end
Anyway, I've been having some problem tracking this down. Any pointers would help. For my DB design Profiles belong to Users in a one-to-one relationship. I'm hoping it's just something newbish I'm not noticing a new set of eyes might help.
If you look closely at your route, you'll see that it expects both a :user_id and an :id. The latter, in this case, refers to the user profile.
In order to tell Rails that you want that particular profile, you'll have to specify both the user and the profile in your link, like this:
edit_user_profile_path(current_user, #profile)
Now, Rails will use the first argument (current_user) for the :user_id part of the route, and the second argument (#profile) for the :id.