In my before_create callback I CAN assign my custom GUID in the production and development environments. However, the same code running in the test environment CANNOT change the value of my custom GUID. See code example below.
require 'rubygems'
require 'uuidtools'
require 'base32/crockford'
class WhatClass < ActiveRecord::Base
# Declare the non-standard column guid as the primary key
set_primary_key :guid
# Use a callback to generate the record id
before_create :create_uuid
private
# This method creates a universally unique identifier (UUID)
# for an instance of WhatClass. This method is called before the
# record is created.
def create_uuid
# Create the UUID
uuid = UUIDTools::UUID.sha1_create(UUIDTools::UUID_URL_NAMESPACE, "string-to-create-from")
self.guid = Base32::Crockford.encode(uuid.to_i)
end
end
Can someone please explain why self.guid works in production/development but not in test?
Related
Hello my SQL and/or Rails friends.
Let's say we have two models:
class Hostel < ActiveRecord::Base
has_many :beds
end
class Bed < ActiveRecord::Base
belongs_to :hostel
end
When my user, a hostel owner, attempts to create a new booking, the params come in like so:
{bed_id: 12, start_date: "2017-10-13", end_date: "2017-10-15",...}
The bed_id comes from a dropdown menu showing all the current_user's bed names. The id is passed with the rest of the form data. Now, in the BookingsController, I have to manually make sure that a hacker doesn't manipulate the bed_id variable to a bed they don't own.
class BookingsController < ApplicationController
def create
#bed = current_user.beds.where(id: params[:bed_id]).first
if #bed
# create hostel booking
else
# this happens when the user willfully changes the bed_id
# number using DevTools
end
end
I don't mind verifying the user inputs this way, but I was wondering if there's a way to utilize SQL and/or foreign key constraints to make sure that a user doesn't create a booking using a bed that doesn't belong to them?
Here's some pidgin SQL that kind of demonstrates what I'm looking for. Basically, making the database validate that the user_id of the bed_id being used is that of the current_user's ID.
INSERT INTO bookings (start_date, end_date, bed_id, user_id)
VALUES ("2017-10-13", "2017-10-15", 12, 1)
UNLESS (SELECT * FROM beds WHERE id = 12).user_id != current_user.id
# what I'm doing above is verifying that bed #12 has a user_id that
# is the same as the current user's ID. That way, if a user
# manipulates the params, SQL catches it.
EDIT:
Here's a better question:
In Rails, I can open the console and create a new reservation manually:
Booking.new(user_id: 1, bed_id: 12, start: "2017-10-13", end: "2017-10-15")
and the database will create the record, even though the bed with ID #12 does not belong to user #1. Is there anyway to make SQL reinforce these constraints?
I know it is not exactly what was asked, but...
my preferred solution would be to do it in rails, which gives you better control and is platform independent.
(sorry I cannot validate this easily, but it should give you the idea)
class BookingsController < ApplicationController
before_action :check_authorisation, only: :create
def check_authorisation
unless current_user.beds.where(id: params[:bed_id]).first
flash[:danger] = "You are not authorised to access this section"
redirect_to home_url # halts request cycle need to adjust home_url to appropriate
end
end
Suppose I have a model user, which has a uniqueness constraint on the email field
If I call Factory(:user) once all is well, but if I call it a second time it'll fail with an "entry already exists" error.
I'm currently using a simple helper to search for an existing entry in the DB before creating the factory...and calling any factory I make through that helper.
It works, but it's not entirely elegant, and considering how common I assume this problem must be, I'm guessing there's a better solution. So, is there an inbuilt way in factory girl to return_or_create a factory, instead of just charging ahead with create()? If not, how do most folk avoid duplicate entries with their factories?
Simple answer: use factory.sequence
If you have a field that needs to be unique you can add a sequence in factory_girl to ensure that it is never the same:
Factory.define :user do |user|
sequence(:email){|n| "user#{n}#factory.com" }
user.password{ "secret" }
end
This will increment n each time in order to produce a unique email address such as user52#factory.com. (See https://github.com/thoughtbot/factory_girl/wiki/Usage for more info)
However this isn't always great in Rails.env.development...
Over time I have found that this is not actually the most useful way to create unique email addresses. The reason is that while the factory is always unique for your test environment it's not always unique for your development environment and n resets itself as you start the environment up and down. In :test this isn't a problem because the database is wiped but in :development you tend to keep the same data for a while.
You then get collisions and find yourself having to manually override the email to something you know is unique which is annoying.
Often more useful: use a random number
Since I call u = Factory :user from the console on a regular basis I go instead with generating a random number. You're not guaranteed to avoid collisions but in practice it hardly ever happens:
Factory.define :user do |user|
user.email {"user_#{Random.rand(1000).to_s}#factory.com" }
user.password{ "secret" }
end
N.B. You have to use Random.rand rather than rand() because of a collision (bug?) in FactoryGirl [https://github.com/thoughtbot/factory_girl/issues/219](see here).
This frees you to create users at will from the command line regardless of whether there are already factory generated users in the database.
Optional extra for making email testing easier
When you get into email testing you often want to verify that an action by a particular user triggered an email to another user.
You log in as Robin Hood, send an email to Maid Marion and then go to your inbox to verify it. What you see in your inbox is something from user_842#factory.com. Who the hell is that?
You need to go back to your database to check whether the email was sent / received by whomever you expected it to be. Again this is a bit of a pain.
What I like to do instead is to generate the email using the name of the Factory user combined with a random number. This makes it far easier to check who things are coming from (and also makes collisions vanishingly unlikely). Using the Faker gem (http://faker.rubyforge.org/) to create the names we get:
Factory.define :user do |user|
user.first_name { Faker::Name::first_name }
user.last_name { Faker::Name::last_name }
user.email {|u| "#{u.first_name}_#{u.last_name}_#{Random.rand(1000).to_s}#factory.com" }
end
finally, since Faker sometimes generates names that aren't email-friendly (Mike O'Donnell) we need to whitelist acceptable characters: .gsub(/[^a-zA-Z1-10]/, '')
Factory.define :user do |user|
user.first_name { Faker::Name::first_name }
user.last_name { Faker::Name::last_name }
user.email {|u| "#{u.first_name.gsub(/[^a-zA-Z1-10]/, '')}_#{u.last_name.gsub(/[^a-zA-Z1-10]/, '')}_#{Random.rand(1000).to_s}#factory.com" }
end
This gives us personable but unique emails such as robin_hood_341#factory.com and maid_marion_10#factory.com
Here's what I do to force the 'n' in my factory girl sequence to be the same as that object's id, and thereby avoid collisions:
First, I define a method that finds what the next id should be in app/models/user.rb:
def self.next_id
self.last.nil? ? 1 : self.last.id + 1
end
Then I call User.next_id from spec/factories.rb to start the sequence:
factory :user do
association(:demo)
association(:location)
password "password"
sequence(:email, User.next_id) {|n| "darth_#{n}#sunni.ru" }
end
I found this a nice way to be sure the tests will always pass.
Otherwise you can not be sure the 100% of the times you will create a unique email.
FactoryGirl.define do
factory :user do
name { Faker::Company.name }
email { generate(:email) }
end
sequence(:email) do
gen = "user_#{rand(1000)}#factory.com"
while User.where(email: gen).exists?
gen = "user_#{rand(1000)}#factory.com"
end
gen
end
end
If you only need to generate a few values for attributes, you can also add a method to String, which keeps track of the prior strings used for an attribute. You could then do something like this:
factory :user do
fullname { Faker::Name.name.unique('user_fullname') }
end
I use this approach for seeding. I wanted to avoid sequence numbers, because they do not look realistic.
Here the String extension which makes this happen:
class String
# Makes sure that the current string instance is unique for the given id.
# If you call unique multiple times on equivalent strings, this method will suffix it with a upcounting number.
# Example:
# puts "abc".unique("some_attribute") #=> "abc"
# puts "abc".unique("some_attribute") #=> "abc-1"
# puts "abc".unique("some_attribute") #=> "abc-2"
# puts "abc".unique("other") #=> "abc"
#
# Internal:
# We keep a data structure of the following format:
# ##unique_values = {
# "some_for_id" => { "used_string_1" : 1, "used_string_2": 2 } # the numbers represent the counter to be used as suffix for the next item
# }
def unique(for_id)
##unique_values ||= {} # initialize structure in case this method was never called before
##unique_values[for_id] ||= {} # initialize structure in case we have not seen this id yet
counter = ##unique_values[for_id][self] || 0
result = (counter == 0) ? self : "#{self}-#{counter}"
counter += 1
##unique_values[for_id][self] = counter
return result
end
end
Caution: This should not be used for lots of attributes, since we track all prior strings (optimizations possible).
Edit:
Is it possible to create a unique auto increment field that will be incremented on creates and updates in SQL using Rails (similar to an id field but incremented and re-assigned after an update)? For example:
Create Record A (Value: 1)
Create Record B (Value: 2)
Update Record A (Value: 3)
Update Record B (Value: 4)
I'm trying to setup pull synchronization and need a way to grab all records that have been created or updated since a previous synchronization.
I initially used the 'created_at' and 'updated_at' fields, but found them to be difficult to work with and somewhat inaccurate for partial synchronizations.
Edit:
I'm using Postgresql and Sqlite as my databases, so hopefully a solution exists that will work for both systems.
Edit:
To clarify, I want to pass a single integer to my server from the client (the largest 'sync' integer) and get back all the records created or updated after that record was created or updated.
Ended up adding a sequence integer field to my model and setup the following migration:
class CreateSequence < ActiveRecord::Migration
def self.up
begin
execute "CREATE SEQUENCE sequence"
rescue
end
end
def self.down
begin
execute "DROP SEQUENCE sequence"
rescue
end
end
end
Then, in my model I added:
before_save do
self.sequence = self.class.sequence
end
def self.sequence
s ||= self.connection.select_value("SELECT nextval('sequence') ") rescue nil
s ||= self.connection.select_value("SELECT strftime('%s','now')") rescue nil
return
end
Note: For Sqlite sequences are not supported so instead a selection of an 'epoch' form the database is required. However, this has the negative side effect of causing the sequence to be non-unique for rapid creation. However, in my case this was not an issue.
You could use a before_save callback, like so:
class MyModel < ActiveRecord::Base
before_save :increment
...
protected
def increment
self.revision ||= 1
self.revision += 1
end
end
You could make this more reusable by defining and using a Callback Class.
Another option it to use a Gem/plugin that does automatic versioning (and thus maintains a version field).
Whoops, didn't read too carefully.
If you want to grab the records that have been modified since the last sync you could create a boolean field for determining if the current record was synced. Set it to false by default and set it to false on any edit. That should allow you to pull only the items you need.
There is an id attribute that is provided by default and it auto increments. By default it is an integer, however if you were looking for a guid then let me know and I can point you to some good resources.
As far as pulling records since the last sync you could just grab the last id when you run the sync and use it as a starting value when you sync again.
So... the serial number is not associated with a row so much as a table, right?
class SerialNumber < AR::Base
has_many :thingies
# just has an integer serial number field
end
class Thingie < AR::Base
belongs_to :serial_number # probably want to include this in default scope
before_create :bump_serial
before_save : bump_serial
private
def bump_serial
self.serial_number ||= 0
self.serial_number += 1
end
end
This would appear to handle the cases of create, new/save, and update. But not destroy.
Try using the act_as_versioned gem.
It sets a version field for each record that you could use for synchronization. And I think that this would be a better way to synchronize across clients since you can compare the version on the server and client and synchronize those that are higher on the server.
The docs are here.
And the rubygem page is here.
I am pretty sure I am missing a basic mistake here, so I am hoping another set of eyes might help. I am using Rails 3, Ruby 1.9.2 and Rspec 2.
I would like to define dynamic class methods on a model so that I can return base roles for an assignable object (such as account) as they are added to the system. For example:
BaseRole.creator_for_account
Everything works fine via the console:
ruby-1.9.2-p180 :003 > BaseRole.respond_to?(:creator_for_account)
=> true
but when I run my specs for any of class methods, I get a NoMethodError wherever I call the method in the spec. I am assuming that something about how I am dynamically declaring the methods is not jiving with RSpec but I cannot seem to figure out why.
The lib dir is autoloaded path and the methods return true for respond_to?.
# /lib/assignable_base_role.rb
module AssignableBaseRole
def self.included(base)
base.extend(ClassMethods)
end
module ClassMethods
BaseRole.all.each do |base_role|
role_type = RoleType.find(base_role.role_type_id)
assignable_name = base_role.assignable_type.downcase
method = "#{role_type.name}_for_#{assignable_name}"
define_method(method) do
self.where(:role_type_id => role_type.id,
:assignable_type => assignable_name).first
end
end
end
end
Then include the Module in BaseRole
# /models/base_role.rb
class BaseRole < ActiveRecord::Base
include AssignableBaseRole
belongs_to :role
belongs_to :role_type
......
......
end
Then in my spec:
it "adds correct authority for creator role" do
create_assignment
base_role = BaseRole.creator_for_account # <== NoMethodError here
user1 = Factory.create(:user)
account.users << user1
user1.roles_for_assignable(account).should include(base_role.role)
end
Did you have another class in your project or specs with the same name, but doesn't have the dynamic methods added? I had the exact same problem as you, and renaming one of the classes fixed it.
My guess is the other class is getting loaded first
It appears you are defining these methods based on values in the database:
BaseRole.all.each do |base_role|
.....
Could it be that "creator" doesn't exist in the test database as a role type, or "account" doesn't exist as assignable_type?
Presumably you are testing this in the console for development, not test, so the data could be mismatched. Might need to set up the data in a before hook.
The context: creating a tripcode implementation (http://en.wikipedia.org/wiki/Tripcode) for a forum. Essentially, a weak hash for registrationless identification.
There is one model, 'Post'. Posts are arranged in parent/child format, new post creates parent, replies create child to parent. There is one form, right now has a field that posts to the controller/model, contains a content and password field.
require 'bcrypt'
class Shout
include DataMapper::Resource
include BCrypt
property :id, Serial # unique key
property :content, Text
property :password_hash, String
property :trip, String # trip for display
belongs_to :forum
is :tree, :order => [:created_at]
attr_accessor :password
#before :save do
def password
#password ||= Password.new(password_hash)
end
def password=(new_password)
#password = Password.create(new_password)
self.password_hash = #password
end
def trip
#trip = '!'<<self.password_hash.to_str[20..33]
self.trip = #trip
end
#end
end
DataMapper.finalize
The basic flow is this - post/reply, if there is a password in the password field, take that and run through bcrypt, store that result as password_hash for later comparison, create tripcode for display. But I'm getting errors I've been beating my head against
The primary error I'm getting is
undefined method `primitive?' for nil:NilClass
seemingly emanating from
lib/active_support/whiny_nil.rb:48:in `method_missing'
I don't know how to handle or work around this. I'm not doing something or checking something with the controller, but don't yet know what. The other error I'm getting stems from an invalid bcrypt hash, but not able to duplicate this immediately.
The hook methods are right off the bcrypt-ruby page.
Creating a BCryptHash field works (dm-types) -- but increases the time to process the form by a factor of 10, on a localhost server, and does it for every post so I need a way to tweak the cost of the bcrypt hash (eg. 1 instead of default 10) and only run it when there is a password present, which is why I'm doing this.
But this doesn't work right now, I've rammed my head against it enough and moving on to other problems and coming back to it if I can get some input. I'm working with rails, so I've added that tag although its not primarily a rails issue.
Feel free to review or contribute or use for errors here.
https://github.com/blueblank/Shout/tree/oneshout