Rails 3.0
Following these instructions:
https://github.com/plataformatec/devise/wiki/How-To%3a-Require-admin-to-activate-account-before-sign_in
I've generated a migration :approved (boolean) for my devise user.rb. Now I want to edit it with a checkbox from a different controller: unapproved_users_controller.rb.
When I load the form in the edit I get this error: undefined method `user_path'.
routes.rb, the resources for my new controller
resources :unapproved_users
app/models/user.rb, notice that :approved is attr_accessible.
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :email, :password, :password_confirmation, :remember_me, :approved
def active_for_authentication?
super && approved?
end
def inactive_message
if !approved?
:not_approved
else
super # Use whatever other message
end
end
def self.send_reset_password_instructions(attributes={})
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
if !recoverable.approved?
recoverable.errors[:base] << I18n.t("devise.failure.not_approved")
elsif recoverable.persisted?
recoverable.send_reset_password_instructions
end
recoverable
end
end
app/controllers/unapproved_controllers.rb
class UnapprovedUsersController < ApplicationController
def index
if params[:approved] == "false"
#users = User.find_all_by_approved(false)
else
#users = User.all
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
#user.update_attributes(params[:user])
end
end
app/views/unapproved_users/index.html.haml
%h1 Users
= link_to "All Users", :action => "index"
|
= link_to "Users awaiting approval", :action => "index", :approved => "false"
%table
- #users.each do |user|
%tr
%td= user.email
%td= user.approved
%td= link_to "Edit", edit_unapproved_user_path(user)
app/views/unapproved_users/edit.html.haml
= render 'form'
app/views/unapproved_users/_form.html.haml
= form_for (#user) do |f|
-if #user.errors.any?
#error_explanation
%h2= "#{pluralize(#user.errors.count, "error")} prohibited this user from being saved:"
%ul
- #user.errors.full_messages.each do |msg|
%li= msg
.field
= f.label :approved, 'Approved?'
= f.check_box :approved
.actions
= f.submit 'Save'
You need to change the form_for.
It should be
= form_for(#user, :url => unapproved_user_path(#user)) do |f|
Related
I would like to update the "User" model which has a column named "verification_code_confirmation" from the "Verifications" Controller
I had tried writing this code
class VerificationController < ApplicationController
def index
#user = User.find(params[:id])
if #user.update_attributes(params[:user])
redirect_to #user, :flash => { :success => "Successfully verified." }
else
render :action => 'edit'
end
end
and
index.html.erb for verifications view.
<%= form_for(#user) do |f| %>
<div><%= f.label :verification_code_confirmation %><br />
<%= f.number_field :verification_code_confirmation %></div>
<% end %>
User model
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me, :verification_code_confirmation, :phone
end
end
I have updated to
if #user.update_attributes(params[:user])
How do i do it? I have looked around in the internet to update my column through the verification controller but i couldn't.
Rails 4, Devise 3.0.3, Oauth-facebook
I've added two additional parameters in my User model - :name, :uid and trying to save it in my users table from my form (route /users/sign_up). But as result i receive record in table, which contains only default values for fields :name and :uid instead of values, which i put in my text_fields.
In console i've got the following message:
Unpermitted parameters: name, uid
WARNING: Can't mass-assign protected attributes for User: password_confirmation
app/models/user.rb:31:in `new_with_session'
Here is my user.rb model. I've tried to remove these fiels from attr_accessible but it gives no result.
class User < ActiveRecord::Base
attr_accessible :oauth_expires_at, :oauth_token, :oauth_secret, :email, :password, :uid, :provider, :name
default_scope -> {order('created_at ASC')}
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:omniauthable, :omniauth_providers => [:facebook]
has_many :microposts, :primary_key => "uid", dependent: :destroy
# validates :uid, presence: true
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(name:auth.extra.raw_info.name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
)
end
user
end
def self.new_with_session(params, session)
super.tap do |user|
if data = session["devise.facebook_data"] && session["devise.facebook_data"]["extra"]["user_hash"]
user.email = data["email"]
end
end
end
end
Here is my users/omniauth_callbacks_controller.rb (without facebook method). I've tried to apply different advises related to before_filter, but it still does not work
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
before_filter :configure_permitted_parameters
def create
super
end
private
def configure_permitted_parameters
params.require(:user).permit(:name, :uid, :provider)
end
end
Here is my view-form ()
Sign up
<%= link_to "Sign in with Facebook", user_omniauth_authorize_path(:facebook) %>
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
<%= devise_error_messages! %>
<div><%= f.label :name %> <br />
<%= f.text_field :name, :autofocus => true %></div>
<div><%= f.label :email %><br />
<%= f.email_field :email %></div>
<div><%= f.label :password %><br />
<%= f.password_field :password %></div>
<div><%= f.label :password_confirmation %><br />
<%= f.password_field :password_confirmation %></div>
<div><%= f.label :uid %><br />
<%= f.text_field :uid %></div>
<div><%= f.submit "Sign up" %></div>
<% end %>
<%= render "devise/shared/links" %>
Could you help me, i don't understand what am i doing wrong. How to configure whitelist for my strong params to receive proper values (which user put in view-form) ?
All my source code is available here: https://github.com/DavydenkovM/d23m
Thanks in advance!
UPDATE
I've remove attr_accessible fields and update my controller. But the problem with unpermitted params name and uid at the same point. Now my controller looks like:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
before_filter :configure_permitted_parameters, if: :devise_controller?
def facebook
#user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
if #user.persisted?
sign_in_and_redirect #user, :event => :authentication #this will throw if #user is not activated
flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
set_flash_message(:notice, :success, :kind => "Facebook") # if is_navigational_format?
else
redirect_to root_url if user_signed_in?
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
def create
super
end
#def update
# person = current_account.user.find(params[:id])
# person.update_attributes!(person_params)s
# redirect_to person
#end
private
def configure_permitted_parameters
devise_parameter_sanitizer.for(:users) do |u|
u.permit(:name, :email, :password, :password_confirmation, :uid, :provider)
end
end
end
UPDATE 2.
I'm not clearly understand what is resource in devise_parameter_sanitizer.for(?) and where i need to assign this ?
Please try the following.
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(name:auth.extra.raw_info.name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
).permit!(:name, :uid, :provider)
end
user
end
Or
def facebook
#user = User.find_for_facebook_oauth(request.env["omniauth.auth"].permit!(:name, :uid, :provider), current_user)
if #user.persisted?
sign_in_and_redirect #user, :event => :authentication #this will throw if #user is not activated
flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Facebook"
set_flash_message(:notice, :success, :kind => "Facebook") # if is_navigational_format?
else
redirect_to root_url if user_signed_in?
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
Then try this
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :email, :password, :password_confirmation, :uid, :provider) }
end
attr_accessible is not available in Rails 4 because Strong Parameters is now used by default. It appears you are already using strong parameters, so you should simply remove the line from your user model with attr_accessible in it.
I'm trying to make an admin account to validate the registration of a user, for that I have 2 devise models: admin and user.
I've followed these steps:
https://github.com/plataformatec/devise/wiki/How-To%3a-Require-admin-to-activate-account-before-sign_in
But from the view I get this error:
Undefined method `edit_user_path'
This is my app/models/user.rb
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
attr_accessible :email, :password, :password_confirmation, :remember_me
def active_for_authentication?
super && approved?
end
def inactive_message
if !approved?
:not_approved
else
super # Use whatever other message
end
end
def self.send_reset_password_instructions(attributes={})
recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
if !recoverable.approved?
recoverable.errors[:base] << I18n.t("devise.failure.not_approved")
elsif recoverable.persisted?
recoverable.send_reset_password_instructions
end
recoverable
end
end
App/controllers/unapproved_users_controller.rb
class UnapprovedUsersController < ApplicationController
def index
if params[:approved] == "false"
#users = User.find_all_by_approved(false)
else
#users = User.all
end
end
end
App/views/unapproved_users.html.haml
%h1 Users
= link_to "All Users", :action => "index"
|
= link_to "Users awaiting approval", :action => "index", :approved => "false"
%table
- #users.each do |user|
%tr
%td= user.email
%td= user.approved
%td= link_to "Edit", edit_user_path(user)
This path makes the problem:
= link_to "Edit", edit_user_path(user)
Option #1 - Check rake routes for the correct helper
Option #2 - You need to setup an administrator interface to edit users as I'm pretty sure devise only provides the interface for current_user not for people wanting to edit another user.
Option #3 - Use something like RailsAdmin
I'm rather new to Rails and I'm writing a signup form that includes nested models. When I submit the form, the user is saved just fine, but the nested model does not save anything to the Subscription db, and the console throws no errors.
I sincerely hope I'm not missing something insanely obvious, and I appreciate any tips you can share. Thanks!
Here is the code-
Models:
class Plan < ActiveRecord::Base
attr_accessible :posts, :name, :price
has_many :users
end
class User < ActiveRecord::Base
belongs_to :plan
has_many :events
has_one :subscription, :autosave => true
accepts_nested_attributes_for :subscription
attr_accessible :subscription_attributes
def save_with_payment
if valid?
customer = Stripe::Customer.create(
email:email,
plan: plan_id,
card: stripe_card_token )
self.stripe_customer_token = customer.id
save!
end
rescue Stripe::InvalidRequestError => e
logger.error "Stripe error while creating customer: #{e.message}"
errors.add :base, "There was a problem with your credit card."
false
end
end
class Subscription < ActiveRecord::Base
attr_accessible :plan_id, :status, :user_id
belongs_to :user
end
This is the User controller:
def new
#user = User.new
plan = Plan.find(params[:plan_id])
#user = plan.user
#user.build_subscription
end
def create
#user = User.new(params[:user])
if #user.save_with_payment
sign_in #user
flash[:success] = "Welcome to the SendEvent!"
redirect_to #user
else
render 'new'
end
end
This is the form:
<%= form_for #user, :html => {:class => "form-inline"} do |f| %>
<%= render 'shared/error_messages', object: f.object %>
<div class="control-group">
<%= f.label :name, :class => "control-label" %>
<%= f.text_field :name %>
</div>
# A few more fields here and...
# The nested model:
<%= f.fields_for :subscription do |builder| %>
<%= builder.hidden_field :status, :value => true %>
<% end %>
<%= f.submit "Create my account", class: "btn btn-large btn-primary", id: "submitacct" %>
<% end %>
Sample app from RailsCasts
RailsCasts Episode #196: Nested Model Form (revised)
Maybe help you.
Through other posts on SO I've learned that my sign-up process using a nested model form is flawed in that I create a new User, then redirect to create its Profile. Here is the process:
user = User.new
user.email = ...
user.password = ...
user.profile = Profile.new
user.profile.first_name = ...
...
user.profile.save
user.save
It seems as if one solution is to initiate the profile method from within the UsersController create(?) action, so that I POST to both models(?) then redirect to a page with a form to fill out the rest of the profile.
But I'm not entirely sure how to do that, as I am new to programming/Rails. So can anyone give me guidance on how to introduce the Profile method within the UsersController? I gave it a go but don't think it's correct. Code for both Users/ProfilesController below:
User:
def new
#user = User.new
#user.profile = Profile.new
end
def index
#user = User.all
end
def create
#user = User.new(params[:user])
if #user.profile.save
redirect_to profile_new_path, :notice => 'User successfully added.'
else
render :action => 'new'
end
end
Profile:
def new
#user.profile = Profile.new
end
def create
#profile = Profile.new(params[:profile])
if #profile.save
redirect_to profile_path, :notice => 'User successfully added.'
else
render :action => 'new'
end
end
Routes.rb:
match '/signup' => 'profiles#new', :as => "signup"
get "signup" => "profiles#new", :as => "signup"
root :to => 'users#new'
resources :users
resources :profiles
My nested model form (the relevant parts):
<%= form_for(:user, :url => { :action => :create }, :html => {:id => 'homepage'}) do |f| %>
<%= f.text_field :email, :size=> 13, :id => "user[email]" %>
<%= f.fields_for :profile do |f| %>
<% end%>
<% end %>
If anyone could help me I'd greatly appreciate it.
You should have something like this in your models:
class User < ActiveRecord::Base
has_one :profile
accepts_nested_attributes_for :profile
end
class Profile < ActiveRecord::Base
belongs_to :user
end
...of course all backed up with proper migrations. Then while building up a form you can use fields_for helper. Here is slightly modified example from docs:
<%= form_for #user do |user_form| %>
Email: <%= user_form.text_field :email %>
<%= user_form.fields_for :profile do |profile_fields| %>
First Name: <%= profile_fields.text_field :first_name %>
<% end %>
<% end %>
And update your user and his profile in the controller in one go, thanks to accepts_nested_attributes_for :profile declaration in your model.