I do not find any way in order to modify the behaviour of the existing methods in rails_admin. I am using rails 3.2 and integrated with PostgreSql.
I want to modify the behaviour of one of my method during the edit. I have a model of shipment_quotes and model has a charges column, by default this field is blank and I want if admin add any amount in this field then after submitting the form a mail will be shoot to particular user.
But I have not found any way to modify the admin methods.
Also I want to create new actions for particular model.
Please help me I really fed up with this. After so much googling I do not find any thing relevant.
Any help will be really appreciated...
Rails Admin wouldn't do this for you. You might as well create a callback method for shipment_quotes after create. I think something like this would help
class ShipmentModel < ActiveRecord::Base
after_create :verify_charges
private
def verify_charges
if !charges.blank?
# Then shoot an email
end
end
end
Rails admin would then just handle your CRUD.
Related
I need some help with the authorization. So far I was trying to solve it with the internal rails authorization combined with devise.
I have a user who is posting a request. If this request is private only a group of "reader" can see and answer the request. (This is number one)
Then the user give a rating to the answer of the reader. This should be accesible only for the user which received the answer and the "reader" who gave an answer.
So far I was using the following to limit access to the hidden requests:
before_filter :require_reader!, only: [:open_requests]
But if the request is not hidden, than still only the reader should be able to answer the request (but all can see it). Here I do not know how to manage this. Any Ideas?
To continue... I could not manage to solve the second problem (that the rating is seen only be the one who was placing the request and the reader).
Any ideas here?
Is cancancan maybe an option?
Best
witali
What you're doing does not quite follow the 'admin' pattern that's commonly setup with tools like Railsbricks. The 'admin' permissions pattern is typically a whole set of actions/views that are available only to admins, so often the entire Controller, or family of controllers, have the :require_admin! filter applied before every single action and view. Very simple permissions logic, and it depends only on the user and view.
Instead, what you've got is views with permissions that depend on your object's state as well as the user's status and the view. So you're going to have to write your own filter to use instead of using 'require_reader!'.
For example, you might have a RequestsController, and you could add to it:
before_action :must_be_able_to_view_request, except: [:index, :new, :create]
Then define that filter in the controller:
private
def must_be_able_to_view_request
if !current_user.is_reader? && !#request.ispublic
head :forbidden
end
end
If you need to use the same filter in other Controllers, then you can define it in your ApplicationController.
I'm sharing one database for two web applications. The User model is already being used for one of these apps, so, in order to sign in to the other one, I had to create another model to avoid mixing users info.
I could make Devise work for this new model, called SystemUser. The problem is now I'll have to use every variable with another name. For example: current_system_user, system_user_signed_in?, etc. I'm using these variables, with their original name, across the whole application, and I would like to know if there's a way to avoid overwriting it. For example: by creating a method called current_user that returns current_system_user, and that way with the other variables mentioned before.
I think this should do the trick:
devise_for :users, class_name: 'SystemUser'
have you considered using CanCan for roles?
https://github.com/ryanb/cancan
I could finally solve the issue by generating the Devise views again. I don't know why, but the devise/sessions folder was missing, and it was doing it with another view, and when I started using it, it worked.
Thanks anyway.
I am using rails 3.2.7, mongoid 3, and i am trying to use devise for users accounts.
Before i'll start: i was searching a lot for my problem, and i read many tutorials, byt none fit to my need.
I have similar problem like devise and multiple “user” models
but i am using mongodb so i think the problem is not exacly the same.
I have 3 types of users":
Manger which can have many places and can manage them(edit info).
User which can search for places(even no user can) and create their places lists. Also user can comment and note the places.
Administrator who can edit/delete anythig, so admin is a god.
So, all of them have different data(except of login info) and i don't know what solution is the best.
STI would be good if they would have the same data, and different actions, but data are different too(but i am using mongoid, so maybe it would be fine?)
Single user model with roles is another solution but i don't know how to store different data, maybe with polymorphic? I don't fully understand how it should be implemented with devise and maybe cancan.
Maybe there is third?
I know what is STI, polymorphic associations, also how to implement roles with CanCan, but the problem is that i dont't know how to connect them with devise?
If there would be few sign in forms or one, it doesn't matter. I don't have to use devise either.
I found few tutorials/examples how to use devise, monogid, roles for multi-users applications, but they are when users store the same data, so they don't fit for me.
Can you give me advice, or a maybe a link which could help me?
Thanks for help :)
I would recommend building different controllers for different use cases. Don't build dependencies of different views inside the data. This way you are free to use the data for other use cases or other user groups without changing it directly.
Simply create controllers for the different use cases. This way you can change them any time without changing your data model.
This is an incredibly newbish question, but I can't seem to find the answer.
I'm building an app that utilizes external APIs heavily, and I'm fairly new to Rails, so it's still a little rough to get around. I can't, for the life of me, figure out how to accept user input and execute a function in my app without writing to a model.
For example, I just want to let a user type in a Twitter username and have it display on the page. I know how to make a form to cache the search in a model, but I can't figure out how to just... make a function happen on a page. I've been breaking my brains on this for several days now.
Please help? :/
You don't need a model to use Rails, but if you don't need ActiveRecord at all, you might benefit from a lighter framework like Sinatra. That doesn't answer your question, but it's worth thinking about if you really have no database requirement for your application.
It sounds like you're just trying to access non-resourceful user input, which is accessible in the controller via the params hash. So, assuming you have set up a valid route for the form action, you use your controller to extract GET or POST parameters.
For example:
# You define a non-resourceful route in routes.rb for your form action.
get 'twitternames/show'
# Form action directs user to GET the following route after filling in the form.
http://example.com/twitternames/show?user=foo
# The controller action extracts the data.
def show
#user = params[:user]
# render the view unless you tell rails to do something else
end
# show.html.erb
<%= #user %>
Creating the right route is the key. Once you've defined a route that can break a URL into the proper segments, the rest will fall into place.
I trying to prevent url hacking, I passing an id to the url that the forms need, it works fine but if the user changes that value on the url it will send values to the wrong table.
<%= link_to '+ New Event',
{:controller =>'events', :action =>
'new', :company_id => company.id} %>
On the php world I used to encrypt that id ...how can I do this on rails3 or is there a better way ??
needless to say I sort of new to rails and I know a little bit of php
any help or suggestions will be greatly appreciated.
Even though this is an older question, it's a very worthwhile question. It is absolutely worthwhile to conceal the ID in the URL for, among other things, prevention of information disclosure.
For example, an application has a robust security model allowing users to only view resources to which they have rights. However, why should a user be able to look at the value of the ID in the URL and use it to deduce how many resources there are or, as the original questioner suggests, start trying to poke around with forced browsing.
The solution to this in rails turns out to be pretty simple. What I find works best is overriding to_param in the models, usually via a module in the lib directory and a before_filter in the application controller that decrypts the IDs.
For a walkthrough, have a look at this: http://www.youtube.com/watch?v=UW_s9ejrCsI
Rather than trying to encrypt or hide your company.id value, ask yourself what exactly it is that you want to prevent users from doing.
If you just want to prevent users from creating events associated with non-existant companies (by setting the id to a really high value for instance), then a simple
validates_presence_of :company
On the Event model would be fine.
If you only want users to be able to create events associated with companies that they work for, or have access for in some way, then you should create custom validations to verify that.
F