I am learning rails using the teamtreehouse tutorial. The tutorial uses 3.1 but I am trying to learn 4.0, and as a result I have run into a difficulty presumably because rails 4 forces of the use of strong parameters. I have two models, a users model and a statuses model. I have used devise to create authentication for users, and have included new parameters. They are :first_name, :last_name, and :profile_name. I have created a relationship between users and statuses.
Currently the user sign-up with the new parameters is working; i can access them using for instance current_user.last_name. However, I want to show the profile_name of the user that created the post on the statuses index view(each user does not yet have a separate page). I want to do this using
status.user.profile_name
However it just shows up blank. If I do
status.user.email(which is a preconfigured devise parameter), it shows up no problem. I am guessing I have to whitelist these parameters in some controller but I don't know where or how.
Thanks
I think, here you will find your answer: https://github.com/plataformatec/devise/tree/rails4#strong-parameters
Based on above link, I think you should insert something like this in your ApplicationController:
class ApplicationController < ActionController::Base
before_filter :configure_permitted_parameters, if: :devise_controller?
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:user) { |u| u.permit(:profile_name) }
end
end
And I already suggested in a previous question...
Strong parameters with Rails and Devise
...that you can create your own controller which could extend devise own controller. There is a gist for that:
https://gist.github.com/bluemont/e304e65e7e15d77d3cb9
A little bit more details in Devise doc: https://github.com/plataformatec/devise/tree/rails4#configuring-controllers
Related
I need some help with the authorization. So far I was trying to solve it with the internal rails authorization combined with devise.
I have a user who is posting a request. If this request is private only a group of "reader" can see and answer the request. (This is number one)
Then the user give a rating to the answer of the reader. This should be accesible only for the user which received the answer and the "reader" who gave an answer.
So far I was using the following to limit access to the hidden requests:
before_filter :require_reader!, only: [:open_requests]
But if the request is not hidden, than still only the reader should be able to answer the request (but all can see it). Here I do not know how to manage this. Any Ideas?
To continue... I could not manage to solve the second problem (that the rating is seen only be the one who was placing the request and the reader).
Any ideas here?
Is cancancan maybe an option?
Best
witali
What you're doing does not quite follow the 'admin' pattern that's commonly setup with tools like Railsbricks. The 'admin' permissions pattern is typically a whole set of actions/views that are available only to admins, so often the entire Controller, or family of controllers, have the :require_admin! filter applied before every single action and view. Very simple permissions logic, and it depends only on the user and view.
Instead, what you've got is views with permissions that depend on your object's state as well as the user's status and the view. So you're going to have to write your own filter to use instead of using 'require_reader!'.
For example, you might have a RequestsController, and you could add to it:
before_action :must_be_able_to_view_request, except: [:index, :new, :create]
Then define that filter in the controller:
private
def must_be_able_to_view_request
if !current_user.is_reader? && !#request.ispublic
head :forbidden
end
end
If you need to use the same filter in other Controllers, then you can define it in your ApplicationController.
Hi StackOverflow community, I'm trying to solve an issue whereby I am wrapping Devise around a legacy model in a Ruby on Rails 3.2 application.
In this app, I actually have 2 pre-existing devise models: Representative and Admin. These two classes use all standard devise configuration and use default password encryption. I need to wrap Devise around a third model, Dealer, which already has a pre-existing, custom SHA1 password encryption implementation. I'd like to leave this encryption implementation in place while I work on adding Devise to this model and not force me to reset several hundred users passwords. Is it possible to set the password encryptor to SHA1 for just this one model, leaving the other two aforementioned classes alone?
I'm still combing the documentation looking for a way to pass options to the devise-encryptable plugin, but so far have yet to find what I'm looking for. Hopefully the community can help me with my search.
I ended up figuring it out.
1) Added gem 'devise-encryptable' to Gemfile
2) Added :encryptor => :legacy_sha1 options hash to model.
class DeviseModel < ActiveRecord::Base
devise :encryptable, :encryptor => :legacy_sha1
end
3) Added a custom Encryptor class to lib/devise/encryptable/encryptors/legacy_sha1.rb
module Devise
module Encryptable
module Encryptors
class LegacySha1 < Base
def self.digest(password, stretches, salt, pepper)
string = #secret routine!
Digest::SHA1.hexdigest(string)
end
end
end
end
end
Works perfectly.
I do not find any way in order to modify the behaviour of the existing methods in rails_admin. I am using rails 3.2 and integrated with PostgreSql.
I want to modify the behaviour of one of my method during the edit. I have a model of shipment_quotes and model has a charges column, by default this field is blank and I want if admin add any amount in this field then after submitting the form a mail will be shoot to particular user.
But I have not found any way to modify the admin methods.
Also I want to create new actions for particular model.
Please help me I really fed up with this. After so much googling I do not find any thing relevant.
Any help will be really appreciated...
Rails Admin wouldn't do this for you. You might as well create a callback method for shipment_quotes after create. I think something like this would help
class ShipmentModel < ActiveRecord::Base
after_create :verify_charges
private
def verify_charges
if !charges.blank?
# Then shoot an email
end
end
end
Rails admin would then just handle your CRUD.
I have an application setup with devise authentication using sti (base user model and two other models - company and individual - inheriting from it). From a devise perspective, everything is working. I can have different routes for signup forms and everything works as expected. Now I wanted to give both users (company and individual) the option to signup/sign in using facebook or linked in. If I set the :omniauthable on both models, and set the devise_for on my routes.rb for each model, I get an error saying that only one model can be omniauthable. If I don't use the devise_for for each model, no routes are generated. If I set the omniauthable on user model only, I get only one route and one callback.
I've read somewhere that the solution would be to use omniauth on its own (separated from devise). However, I can't seem to achieve the intended behavior using omniauth separate from devise (I can get one single authorize/callback route, but the two, as intended).
Anyone out there who can help ?
TIA
Devise's Omniauthable module does support multiple models. See
https://github.com/plataformatec/devise/wiki/OmniAuth-with-multiple-models
I'm having trouble with a plugin on a rails 3 app called vote_fu_rails_3. This is a rails 3 compatible version of vote_fu by peteonrails. Both plugins are inspired by acts_as_voteable.
I have a site you can look at http://rubeddit.heroku.com - it's a reddit clone for a class i'm doing.
I am trying to get voting working. I have setup everything according to the instructions on the github page. I have a Link model that has_many :votes and my vote model has belongs_to :user and belongs_to :link.
When trying to do the method to vote_for a link by trying <%= link_to 'up', #user.vote_for(#link) %> I get a SQLite constraint error that voteable_id cannot be NULL.
You can see my code here am i doing something incorrectly? I'm open to any suggestions, i'm pretty new with rails.
Edit: The main issue i'm having seems to stem from voteable_id and voteable_type. These are from polymorphic associations. Since I only have the need to vote on Links (a single model) I guess I have the option of removing the polymorphic associations. Leaving them in place however would also make allowing Comments (yet to be added) to be voted on, fairly simple.