Thats the link_to
<%= link_to('Dashboard', dashboard_index) do %>
<i class="icon-play"></i>
<% end %>
Thats the corresponding rake routes entry.
dashboard_index GET /dashboard/index(.:format) dashboard#index
What could be wrong? Any suggestion or idea?
thanks in advance
best regards
denym
It should be
<%= link_to(dashboard_index_path) do %>
Dashboard
<i class="icon-play"></i>
<% end %>
Related
In my index view, I'm iterating over a list of bookings.
Also, I added a dropdown menu with the option to sort by created_at: asc and created_at: desc.
index.html.erb
<div class="dropdown">
<button class="btn" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Sort by
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
<p> <%= link_to "ASC", sort: :asc %> </p>
<p> <%= link_to "DESC", sort: :desc %> </p>
</div>
</div>
<% #bookings.each do |booking| %>
<%= booking.address %>
<%= booking.created_at %>
<% end %>
This is the way I am sorting the #bookings in the controller:
booking_controller.rb
class Users::BookingsController < ApplicationController
def index
#bookings = current_user.bookings.order(created_at: params[:sort])
end
end
I'm not really sure if this is the best solution and if it has some vulnerability in terms of SQL injections...
Generally using params for order is unsafe, see https://rails-sqli.org/#order
You can use sanitize_sql_for_order to sanitaze input for ActiveRecord#order
Passing key/value pairs to order(created_at: params[:sort]) is safe. Rails validates the direction. If you give it an invalid direction it will raise ArgumentError: Direction "..." is invalid. It's been this way since the syntax was introduced in Rails 4.
Passing a string to order as in order("created_at #{params[:sort]}") could be exploited in Rails 5 and earlier. See Rails SQL Injection for details. Rails 6 now sanitizes order arguments and will raise an exception if it detects funny business.
Rails 6, in general, is more robust against SQL injection. But it's up to you to sanitize your inputs before passing them to anything which accepts raw SQL.
Your view is not turning the bookings into a drop down menu. Instead, it's just a bunch of text. As lurker suggested, use a function like collection_select to generate the select and option tags for you.
<%= form_for #user do |f| %>
<%= f.collection_select :booking_id, #bookings, :id, proc { |b| "#{b.address} #{b.created_at}" , prompt: true %>
<%= f.submit %>
<% end %>
To tidy that up a bit, you can add a method to Booking to produce the label you want and replace the proc.
class Booking
def dropdown_value
"#{address} #{created_at}"
end
end
<%= form_for #user do |f| %>
<%= f.collection_select :booking_id, #bookings, :id, :dropdown_value, prompt: true %>
<%= f.submit %>
<% end %>
I am getting this output when I got to the /projects, which should just list projects and an associated link:
I cannot figure out why all the information from the projects table is being dumped after the list.
Controller index method:
def index
#projects = Project.all
end
index.html.erb:
<%= #projects.each do |project| %>
<li>
<%= link_to project.title, projects_path(project) %>
<%= link_to project.link, project.link %>
</li>
<% end %>
Any ideas to why this is happening?
Thanks for reading!
Change the <%= on your loop to <%:
<% #projects.each do |project| %>
What it's doing now is executing the loop and printing all your li elements, and then also printing the contents of #projects (because of the <%=).
I have this piece of code that doesn't seem to work for a strange reason:
<% if (#user.photo.blank?) %>
<%= image_tag("empty_profile_pic.png") %> <!-- replace with user's image -->
<%else %>
<%= image_tag(#user.photo.url(:small)) %>
<% end %>
If the picture is null in the mySQL database I want it to display another pic.
I have tried, empty?, nil?, blank? but with no success, and also
#user.photo.blank.url.*
Any help?
How about
#user.photo.exists?
~Charles~
<%= image_tag(#user.photo.try(:url, :small) || "empty_profile_pic.png") %>
In my Rails3 app I have:
<%= link_to "Sign out", destroy_user_session_path %>
I know how to localize text, but how to localize link text? I defined "sign_out" in tried:
<%= link_to t( sign_out ), destroy_user_session_path %>
But it generates an error:
undefined local variable or method `sign_out'
What is the correct syntax?
PS: It is even more basic than this question, but I could not find any answer.
<%= link_to t('sign_out'), destroy_user_session_path %>
And you must define the key sign_out: in your local yml file after
How about link_to t("sign_out"), destroy_user_session_path?
<%= link_to t(:sign_out), destroy_user_session_path %>
or
<%= link_to t('sign_out'), destroy_user_session_path %>
You can check other details here.
I'm trying to build a form that will list all users and allow you to check the ones that you want to add to a team. Here's my first cut at the form:
<div id="add_team_mates">
<%= form_tag do %>
<%= will_paginate #users %>
<ul class="users">
<% #users.each do |user| %>
<li>
<%= gravatar_for user, :size => 30 %>
<%= link_to user.name, user %>
<%= check_box_tag("add", user.id) %>
</li>
<% end %>
</ul>
<%= submit_tag "Add Team Mates", :action => "add_team_mates" %>
<% end %>
</div>
And, right now this is all that I have in the controller:
def add_team_mates
end
The problem is that if I check multiple users, I only get the last user.id rather than multiple is as I'd expect. Here's some example from the log:
Started POST "/teams/5" for 127.0.0.1 at 2011-04-14 15:28:13 -0700
Processing by TeamsController#add_team_mates as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"IHFDevfKES8NibbCMlRa1t9qHn4/ZMKalK1Kjczh2gM=", "add"=>"3", "commit"=>"Add Team Mates", "id"=>"5"}
Completed in 12ms
Any help on this would be greatly appreciated. Thanks!
All your checkboxes have the same name, change the line to
check_box_tag("add[]",user.id)
In the controller your parameters will be like so:
params[:add] = ['foo','bar','baz']