I use Devise and right now /users/edit contains only Devise's password change form. I want to add a user settings form.
I am new to Rails, what is the best way to do this?
The view for /users/edit seems to be in /app/views/devise/passwords/edit.html.erb.
The controller for /users/edit is nowhere to be found. How to extract it from Rails's magic so that I can modify it?
The appropriate view is app/views/devise/registrations/edit.html.erb. You dont need controller to add additional fields into the registrations form, even if its a nested form fields of another model. Just make appropriate changes in your User model to save nested associations (accepts_nested_attributes_for), attr_accessible etc.
Related
I'm currently changing around how my ActiveAdmin interface works so that it integrates both attr_accessible items and CanCan. In some of my models I have a specific controller action for the Submit button on the form such as
= f.actions do
= f.action :submit, label: 'Update Password'
And in that Update Password method I am able to do the update_attributes(*,as: #admin_user.role.name.to_sym) where #admin_user is the current admin user. This allows only admin users with the permitted role to update their password.
The problem I have is when ActiveAdmin is doing the generic update, specifically
=f.action :submit
How can I pass options to ActiveAdmin so that when it does the update it will use the specified role? I know that the buttons use Formtasti, and that the :label method is part of that, but I can't seem to find anything about using passing other options.
One option for me is to write an override for the edit method in each of my models, but that kinda defeats the purpose of ActiveAdmin, doesn't it?
Now, my CanCan abilities already have been set so that only certain roles can access certain items. Does this override the attr_accessible items? I know that if the item is not attr_accessible, even if it's manageable in CanCan, will not change via mass-assignment.
What I really need to know is that if I were a hacker, could I inject an update_attributes(params[:whatever], as: :admin) and it would block it because of CanCan's Ability? Is it worth it to have both the item be protected via attr_accessibleand CanCan's Ability class?
ActiveAdmin and SimpleForm do not support the as: [role] feature which I was trying to work with. However, this isn't a problem with strong_parameters in Rails 4 since it's a completely different way of handling mass-assignment.
Also, CanCan does block out any mass-assignment hacks since you can't mass-assign unless you have access to the form, and if you don't have explicit :edit, :update, or :manage permission then you don't have access to the form.
Is there a way to load a view for no confirmed users that login?
Default behaviour is to show a notice: " You have to confirm your account before continuing."
I tried
overrule the sessions#create method of devise checking for current_user.confirmed_at.blank?
in the after_singin_path check for current_user.confirmed_at.blank? and render the view instead
My goal is to render a custom view instead of the notice but cannot hook into the right location. Who knows how to accomplish this? thx!
You can simply copy the code from the devise github and place in your controllers/devise. then change any action or method you want to.
You may also just extend the devise session controller and override any action you want to.
class Abc < Devise::SessionsController
# this just reopens the class.
# Remember classes are never "closed" in ruby!
end
I like the ruby way of solving this, I guess that in your UsersController after a POST request the user will be returned and signed in using the sign_in(Object) helper Devise provides.
Also I suggest using a confirmed boolean instead of timestamp.
Why not check for the value using an if else statement the ruby way:
user.confirmed ? sign_in(user) : render :partial => 'path/partial'
Hope this might help you out
I have a Rails 3 controller which is not pluralized (IphoneUser) - it already has some controller methods, and a model generated.
However I'd like now rather than when it gets too late into the game, to pluralize it.
What's the best way to pluralize this controller without a nightmare of 1-by-1 guess and checks?
You should just need to rename the controller, it's class name, it's views folder, its helper and its functional tests. The only other option is to use the rails generator to destroy it rails destroy and then recreate it named properly. I'd just copy the controller methods and paste them into the new file. rails destroy won't affect your model.
I have a problem and I dont know how to solve it.
I have a user that log in a web site, and I identify them by session[:user_id] and user has a status page that is defined in user_controller and in status view.
So, I would like to make one page for admin, to see all the statuses from all users on one page, using already written controller and view.
Is that possible?
I could rewrite some of the code, so that I could call with params, like ?user_id=70 and then set session[:user_id]=params[:user_id], but it would be painful if I will have to rewrite whole statuses, beside i would have to maintain same code on 2 different places.
Thank you.
Dorijan
If you need more functionality in your controller, you can add more actions to it. You can also do that in a resourcefull way.
On the other hand it usually is best practice to keep controllers thin.
See: ActionController
In order to make your views reusable, you should use partials.
You could make a _user_status partial.html.erb and render a single partial for a user render all of them for an admin.
Checkout: Layouts and Rendering in Rails
I would like to collect emails of prospective users of my app. I've created a page with a simple form. My first question is that since I'm not using a db, do I need a model? And secondly, how do I use "form_for" for form generation if I don't need to use a model. Thank you
I've done this. First I created a simple form with an email field and submit button in my views (app/views/home.html.erb). I use form tag helper to easily create the form rather than writing my own html: http://guides.rubyonrails.org/form_helpers.html. I made sure route the form action to the correct action in my controller. In the controller I use hominid to do the subscription, then redirect to the index using redirect_to (':action => home'). That's all it took.