I am returning to Rails after 5 years out of it and trying to understand the changes. I am going through Ryan Bates' Railscasts looking to update a template I built some years ago and am getting the above error when initializing the permissions class for authentication. (See RC#386 about 18:00 into the playback.)
Rails has changed the before_filter to before_action (makes sense...) and I have the following in the ApplicationController:
class ApplicationController < ActionController::Base
before_action :authorize
delegate :allow?, to: :current_permission
helper_method :allow?
delegate :allow_param?, to: :current_permission
helper_method :allow_param?
private
def current_user
#current_user ||= User.find(session[:user_id]) if session[:user_id]
end
helper_method :current_user
def current_permission
#current_permission ||= Permissions.permission_for(current_user)
end
def current_resource
nil
end
def authorize
if current_permission.allow?(params[:controller], params[:action], current_resource)
current_permission.permit_params! params
else
redirect_to root_url, alert: "Not authorized."
end
end
end
My permissions.rb file has the following:
module Permissions
def self.permission_for(user)
if user.nil?
GuestPermission.new
elsif user.admin?
AdminPermission.new(user)
else
MemberPermission.new(user)
end
end
end
I'm getting the above error: NoMethodError at /undefined method "permission_for" for Permissions:Module from BetterErrors (and Puma). However the method should be defined in the Permissions module; it's right there. Yet somehow, something has changed in Rails that I can't figure out.
I have tried to require the file: nothing.
Any help?
You need to include a module in a class to use it. It then adds functionality to that class, you do not access methods in module itself.
I'm guessing you need to do something like this (not tested):
class ApplicationController < ActionController::Base
include Permissions
before_action :authorize
change your module to:
module Permissions
def permission_for(user)
...
and then permissions_for is available in your controller
def current_permission
#current_permission ||= permission_for(current_user)
end
The only thing that has changed in Rails is how folders and files are included. The lib folder inside your rails app is not autoloaded by default.
I think best practice is now to add a lib folder within the app folder and then put all your modules and other classes in there. They will be included as soon as you restart your server.
Related
I'm attempting to build a Rails Gem somewhere between Devise and CanCan. Not nearly as complex as Devise, but having views and a controller.
I've created a method to be added to the top of any controller of the parent app that needs it almost exactly like Devise's before_action :authenticate_user! and CanCan's load_and_authorize_resource
I need the method to redirect_to a path in my mounted routes if the requirements are not met.
module MyEngine
module ControllerAdditions
extend ActiveSupport::Concern
module ClassMethods
def pin_verified
current_user ||= nil
#pinned = current_user.nil? ? nil : current_user
redirect_to setup_mobiles_path unless #pinned && #pinned.verified?
end
end
end
end
and in my spec/dummy/app/controllers/users_controller.rb
class UsersController < ApplicationController
pin_verified
def index
#users = User.all
end
end
pin_verified is getting called as it's supposed to but I get the following error:
undefined local variable or method `setup_mobiles_path' for UsersController:Class
Any thoughts on how I should be doing this?
==== edit ====
I altered this now to raise a custom exception, but now I need to rescue that exception some how and redirect to the needed path.
def pin_verified
current_user ||= nil
#pinned = current_user.nil? ? nil : current_user
unless #pinned && #pinned.verified?
raise ValidatedPinExpired
end
end
I tried adding this to the ApplicationController of my gem, but it doesn't seem to be hitting Controller at all.
module MyEngine
class ApplicationController < ActionController::Base
rescue_from Exception do |exception|
Rails.logger.info "==== exception: #{exception} ===="
redirect_to setup_mobiles_path
end
end
end
I want to add a filter to the ApplicationController but I want to do it within my gem.
What I want to avoid is the following:
class ApplicationController < ActionController::Base
include MyGem
end
I do not want that. I don't want to have to include my module in the source code.
I am having issues though.
Here is the relevant code:
lib/correlation_id/controller_extension
module CorrelationId
module ControllerExtension
def self.included(klass)
klass.class_eval do
after_filter :pass_correlation_id
end
end
def pass_correlation_id
correlation_id = request.headers['Correlation-ID'] || SecureRandom.uuid
headers['Correlation-ID'] = correlation_id
end
end
end
ApplicationController.send :include, CorrelationId::ControllerExtension
lib/correlation_id.rb
require 'correlation_id/controller_extension'
module CorrelationId
end
Now, when I'm in the test/dummy directory, which is a test rails app for my gem, I try to boot up the server using rails s and I get the following error:
/correlation_id/lib/correlation_id/controller_extension.rb:17:in `<top (required)>': uninitialized constant ApplicationController (NameError)
I'm clearly having problems with referencing ApplicationController to monkey-patch it.
How would I manage this? I want my gem to be self-contained.
The following code works. What I did was prematurely create ApplicationController with the appropriate inheritance. Note, many people use the rails-api gem, so I factored in them to ensure the fact that it would work.
Also, note: You must inherit from a class because otherwise ApplicationController will be a usual class that doesn't understand what after_filter is.
module CorrelationId
module ControllerExtension
def self.included(klass)
klass.class_eval do
after_filter :pass_correlation_id
end
end
def pass_correlation_id
correlation_id = request.headers['Correlation-ID'] || SecureRandom.uuid
headers['Correlation-ID'] = correlation_id
end
def self.base_controller_inheritance
if Gem::Specification.find_all_by_name('rails-api').any?
ActionController::API
else
ActionController::Base
end
end
end
end
class ApplicationController < CorrelationId::ControllerExtension.base_controller_inheritance
include CorrelationId::ControllerExtension
end
I imagine there might be a better way to check if they are using ActionController::API and if so, please do share, but as of now, this seems like the most solid way to do it.
How do I call a method from ApplicationController in a rails engine?
We are using ckeditor gem to integrate ckeditor in our rails app. Since we implemented our own authorization system, I need to make a custom ckeditor authorization hook which needs to get the current_user object to decide whether engine controller-action is allowed for this user.
I have current_user defined in mail_app ApplicationController, I want to call it from CKeditor::ApplicationController.
I have included my code here
config/inititializers/ckeditor.rb
Ckeditor.setup do |config|
config.current_user_method do
current_user
end
config.authorize_with :chronus
end
lib/ckeditor/hooks/chronus.rb
module Ckeditor
module Hooks
class ChronusAuthorization
include Ckeditor::Helpers::Controllers
def initialize(controller)
#controller = controller
#controller.extend ControllerExtension
end
def authorize(action, model_object = nil)
raise Authorization::PermissionDenied unless authorized?(action, model_object)
end
def authorized?(action, model_object = nil)
if action
if #controller.current_user_for_chronus.is_admin?
[:index, :create, :destroy].include? action
else
[:create].include? action
end
end
end
private
module ControllerExtension
def current_user_for_chronus
ckeditor_current_user
end
end
end
end
end
Ckeditor::AUTHORIZATION_ADAPTERS[:chronus] = Ckeditor::Hooks::ChronusAuthorization
There is suggestion in rails guide to make the engine's scoped ApplicationController to inherit from the main ApplicationController. But I cannot do that as engine here is an external gem. (Or is there a way to change the inheriting class?)
I have the following application_controller method:
def current_account
#current_account ||= Account.find_by_subdomain(request.subdomain)
end
Should I be calling it using a before_filter or a helper_method? What's the difference between the two and what should I consider in terms of the trade-offs in this case?
Thanks.
UPDATE FOR BETTER CLARITY
I'm finding that I can user the before_filter instead of the helper_method in that I'm able to call controller defined methods from my views. Perhaps it's something in how I arranged my code, so here is what I have:
controllers/application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery
include SessionsHelper
before_filter :current_account
helper_method :current_user
end
helpers/sessions_helper.rb
module SessionsHelper
private
def current_account
#current_account ||= Account.find_by_subdomain(request.subdomain)
end
def current_user
#current_user ||= User.find(session[:user_id]) if session[:user_id]
end
def logged_in?
if current_user
return true
else
return false
end
end
end
controllers/spaces_controller.rb
class SpacesController < ApplicationController
def home
unless logged_in?
redirect_to login_path
end
end
end
views/spaces/home.html.erb
<%= current_account.inspect %>
In theory, this shouldn't work, right?
There is no relationship between using before_filter or helper_method. You should use helper method when you have a method in your controller that you would like to reuse in your views, this current_account might be a nice example for helper_method if you need to use it in your views.
They are two very different things. A before_filter is something that you want to be called once before an action starts. A helper method on the other hand gets repeated often, typically in a view.
That method you have there is just fine to stay where it is.
I solved my problem. I'm new to Rails, and didn't know that methods defined in the helpers directory are automatically helper_methods. Now I'm wondering how this effects memory/performance. But at least I have the mystery solved. Thanks everyone for your help!
Strange thing – I have Authentication module in lib/ like this:
module Authentication
protected
def current_user
User.find(1)
end
end
and in ApplicationController I'm including this module and all helpers, but method current_user is available in controllers, but not from views :( How can I make this work?
If the method were defined directly in the controller, you'd have to make it available to views by calling helper_method :method_name.
class ApplicationController < ActionController::Base
def current_user
# ...
end
helper_method :current_user
end
With a module, you can do the same, but it's a bit more tricky.
module Authentication
def current_user
# ...
end
def self.included m
return unless m < ActionController::Base
m.helper_method :current_user # , :any_other_helper_methods
end
end
class ApplicationController < ActionController::Base
include Authentication
end
Ah, yes, if your module is meant to be strictly a helper module, you can do as Lichtamberg said. But then again, you could just name it AuthenticationHelper and put it in the app/helpers folder.
Although, by my own experience with authentication code, you will want to have it be available to both the controller and views. Because generally you'll handle authorization in the controller. Helpers are exclusively available to the view. (I believe them to be originally intended as shorthands for complex html constructs.)
Did you declare it with
helper :foo # => requires 'foo_helper' and includes FooHelper
helper 'resources/foo' # => requires 'resources/foo_helper' and includes Resources::FooHelper
in your ApplicationController?
http://railsapi.com/doc/rails-v2.3.3.1/classes/ActionController/Helpers/ClassMethods.html#M001904