I am trying to add a calendar to my rails app using table_builder. I based my implementation off of their readme and this highly recommended tutorial.
On the initial load, the calendar works beautifully. Each assignment is shown on the correct day. However, when the month is changed by clicking ">" or "<" which surround the month name, while the name of the month in the header is changed, the calendar itself is unchanged. Here is the block of code from my view that renders the calendar:
<div id="calendar">
<h2 id="month">
<%= link_to "<", :month => (#date.beginning_of_month-1).strftime("%Y-%m-01") %>
<%= h #date.strftime("%B %Y") %>
<%= link_to ">", :month => (#date.end_of_month+1).strftime("%Y-%m-01") %>
</h2>
<%= calendar_for(#assignments) do |calendar| %>
<%= calendar.head('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday') %>
<% calendar.day(:day_method => :due_date) do |day, assignments| %>
<%= day.day %>
<ul>
<% for assignment in assignments %>
<li>
<%= assignment.course.name %>: <%= link_to assignment.name, assignment_type_assignment_path(assignment.assignment_type, assignment)%>
</li>
<% end %>
</ul>
<% end %>
<% end %>
</div>
#assignments returns a complete list of all assignments associated with a given user. Each assignment as an attribute due_date which is the date we want the assignment to appear under in the calendar.
Here is the controller code:
class HomeController < ApplicationController
def index
#user = #current_user
#assignments = #user.assignments
#date = params[:month] ? Date.parse(params[:month]) : Date.today
end
end
Thanks
You aren't passing the current #date to the calendar_for helper, so it's simply defaulting to rendering the current (or some default) month. You'll need to pass in #date like this:
calendar_for(#assignments, :year => #date.year, :month => #date.month) do |calendar|
Related
In my index view, I'm iterating over a list of bookings.
Also, I added a dropdown menu with the option to sort by created_at: asc and created_at: desc.
index.html.erb
<div class="dropdown">
<button class="btn" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Sort by
</button>
<div class="dropdown-menu" aria-labelledby="dropdownMenuButton">
<p> <%= link_to "ASC", sort: :asc %> </p>
<p> <%= link_to "DESC", sort: :desc %> </p>
</div>
</div>
<% #bookings.each do |booking| %>
<%= booking.address %>
<%= booking.created_at %>
<% end %>
This is the way I am sorting the #bookings in the controller:
booking_controller.rb
class Users::BookingsController < ApplicationController
def index
#bookings = current_user.bookings.order(created_at: params[:sort])
end
end
I'm not really sure if this is the best solution and if it has some vulnerability in terms of SQL injections...
Generally using params for order is unsafe, see https://rails-sqli.org/#order
You can use sanitize_sql_for_order to sanitaze input for ActiveRecord#order
Passing key/value pairs to order(created_at: params[:sort]) is safe. Rails validates the direction. If you give it an invalid direction it will raise ArgumentError: Direction "..." is invalid. It's been this way since the syntax was introduced in Rails 4.
Passing a string to order as in order("created_at #{params[:sort]}") could be exploited in Rails 5 and earlier. See Rails SQL Injection for details. Rails 6 now sanitizes order arguments and will raise an exception if it detects funny business.
Rails 6, in general, is more robust against SQL injection. But it's up to you to sanitize your inputs before passing them to anything which accepts raw SQL.
Your view is not turning the bookings into a drop down menu. Instead, it's just a bunch of text. As lurker suggested, use a function like collection_select to generate the select and option tags for you.
<%= form_for #user do |f| %>
<%= f.collection_select :booking_id, #bookings, :id, proc { |b| "#{b.address} #{b.created_at}" , prompt: true %>
<%= f.submit %>
<% end %>
To tidy that up a bit, you can add a method to Booking to produce the label you want and replace the proc.
class Booking
def dropdown_value
"#{address} #{created_at}"
end
end
<%= form_for #user do |f| %>
<%= f.collection_select :booking_id, #bookings, :id, :dropdown_value, prompt: true %>
<%= f.submit %>
<% end %>
I am trying generate a code that tracks for documents that revolve within the organisation. I have done other codes for adding employees, adding document types and logging in now I am struggling on creating a document form and search from the document that I have created. This code is for searching:
controller#show
def show
#generate_documents = GenerateDocument.where('Reciever LIKE?',"%#{params[:search]}%")
# #generate_documents = GenerateDocument.all
end
views/show
<%= form_tag generate_document_path, :method => :get do %>
<p>
<%= text_field_tag :search, params[:search] %>
<%= submit_tag "Search" %>
</p>
<% end %>
<!-- end of seaerch form -->
<!-- loading data from database and displaying then in a list format BEGIN -->
<ul>
<% #generate_documents.each do |generate_document| %>
<li>
<%= link_to generate_document.Reciever, edit_generate_document_path(generate_document) %>
</li>
<% end %>`enter code here`
</ul>
<!--
END LISTING -->
<%= link_to 'New Generate Document', new_generate_document_path %>
Even Iam new to rails, but i can help you with basics that you need to pass the parameters from the view to the controller, therefore you can use:
:url => {:controller => "name_of_your_controller", :action => "action_to_be_perforemed", :id => "whatever id you want"}
or else you can also pass the object within the url like we do while edit request
<%= link_to "Edit", edit_post_path(#edit)%>
which will give the :id of the particular post.
Hope this may help you.
I have a page in my rails application that shows a list of listings (paginated using will_paginate). I am trying to find a good gem to implement searching and sorting with the list on this page. The Ransack gem looked like what i needed but i'm running into an issue with it. This is what my code looks like right now with the Ransack gem.
My model (didn't include the whole model, didn't want the validations and extra code to get in the way):
UNRANSACKABLE_ATTRIBUTES = ["id", "state", "show_email", "email", "show_phones", "primary_phone", "secondary_phone", "updated_at", "user_id"]
def self.ransackable_attributes auth_object = nil
(column_names - UNRANSACKABLE_ATTRIBUTES) + _ransackers.keys
end
My controller action:
def index
#search = Listing.search(params[:q])
#listings = #search.result.paginate(page: params[:page], per_page: 20, joins: "LEFT OUTER JOIN attachments ON listings.id = attachments.attachable_id", select: "listings.*, COUNT(attachments.id) AS photos", group: "listings.id", order: "listings.created_at DESC, listings.title ASC, listings.id DESC")
#search.build_sort if #search.sorts.empty?
end
My search form on the page:
<div class="advanced-search">
<%= search_form_for #search do |f| %>
<div class="search-by">
<div class="search-field">
<%= f.label :title_cont, "Title Contains" %>
<%= f.text_field :title_cont %>
</div>
<div class="search-field">
<%= f.label :description_cont, "Description Contains" %>
<%= f.text_field :description_cont %>
</div>
<div class="search-field">
<%= f.label :price_gteq, "Price Between" %>
<%= f.text_field :price_gteq %>
<%= f.label :price_lteq, "and" %>
<%= f.text_field :price_lteq %>
</div>
</div>
<div class="sort-by">
<%= f.sort_fields do |s| %>
<%= s.sort_select %>
<% end %>
</div>
<div class="search-actions">
<%= f.submit "Search" %>
</div>
<% end %>
</div>
My route:
resources :listings do
collection do
match 'search' => 'listings#index', via: [:get], as: :search
end
end
With everything i have in place now i have been able to get the application to successfully search and sort the listings.
My question: The sort_select field is showing everything option that is "ransackable". Is there a way to make one attribute available for the searching, but not the sorting? For example i want the ability to search on the description attribute but it doesn't make any sense to include that attribute in the sorting. How can i use an attribute in one and not the other? Thanks for any help and let me know if my question is not clear enough.
Couldn't figure out how to get the values i wanted into the dropdown so i just used links instead. Here's what i ended up with for the sorting.
Sort by <%= sort_link #search, :title %> | <%= sort_link #search, :price %> | <%= sort_link #search, :created_at, "Date Listed" %>
I'm using this in a view:
<% #line_items.group_by(&:year).each do |year, line_items| %>
<h2><%= year %></h2>
<% line_items.group_by(&:month).each do |month, lines| %>
<h3><%= Date.new(year.to_i, month.to_i, 1).strftime('%B') %> // <%= lines(&:quantity).sum %></h3>
<% for line in lines %>
<p><%= line.quantity %> <%= line.customer.name %></p>
<% end %>
<% end %>
<% end %>
I have a group of line items that have a :month, :year and :quantity attribute. I can group them by month and year with the above code, by I'm trying to total the quantity by month, too. Can't seem to figure that out. Getting the following error:
undefined method `lines' for #<#<Class:0x007fabb4f8afe0>:0x007fabb4f806d0>
You seem to be calling lines as if it were a method when in fact it is an array of objects. Try to do it like this instead:
<%= lines.map(&:quantity).sum %>
Map will create a new array by calling quantity on each record in the array. Then you can sum it.
I'm trying to build a form that will list all users and allow you to check the ones that you want to add to a team. Here's my first cut at the form:
<div id="add_team_mates">
<%= form_tag do %>
<%= will_paginate #users %>
<ul class="users">
<% #users.each do |user| %>
<li>
<%= gravatar_for user, :size => 30 %>
<%= link_to user.name, user %>
<%= check_box_tag("add", user.id) %>
</li>
<% end %>
</ul>
<%= submit_tag "Add Team Mates", :action => "add_team_mates" %>
<% end %>
</div>
And, right now this is all that I have in the controller:
def add_team_mates
end
The problem is that if I check multiple users, I only get the last user.id rather than multiple is as I'd expect. Here's some example from the log:
Started POST "/teams/5" for 127.0.0.1 at 2011-04-14 15:28:13 -0700
Processing by TeamsController#add_team_mates as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"IHFDevfKES8NibbCMlRa1t9qHn4/ZMKalK1Kjczh2gM=", "add"=>"3", "commit"=>"Add Team Mates", "id"=>"5"}
Completed in 12ms
Any help on this would be greatly appreciated. Thanks!
All your checkboxes have the same name, change the line to
check_box_tag("add[]",user.id)
In the controller your parameters will be like so:
params[:add] = ['foo','bar','baz']