Rails 6: Active Storage deletes user after uploading new avatar - ruby-on-rails

I'm currently trying to implement active storage into my application. Normally, the avatar is filled out either by gravatar or facebook. I would also like to add the option to upload an avatar with active storage.
When I try to upload an image with active storage, the user somehow gets deleted and not the image?
This is the message I get when I try to upload a new avatar:
Started DELETE "/" for ::1 at 2019-08-17 22:43:49 +0200
Processing by RegistrationsController#destroy as HTML
Parameters: {"authenticity_token"=>"bLZvgURiPpttwsjOy5qxiAjD6Bs7+5V95faJmK8SfjzMuokmNb52s3S7w/uJ4AJhRvakH7l2KTjKZ06+3ormvw==", "user"=>{"avatar"=>#<ActionDispatch::Http::UploadedFile:0x00007f0e38d09d30 @tempfile=#<Tempfile:/tmp/RackMultipart20190817-600-2yzlj3.jpg>, @original_filename="IMG-20190730-WA0010.jpg", @content_type="image/jpeg", @headers="Content-Disposition: form-data; name=\"user[avatar]\"; filename=\"IMG-20190730-WA0010.jpg\"\r\nContent-Type: image/jpeg\r\n">, "fullname"=>"My Fullname", "email"=>"my@email.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Save Changes"}
User Load (0.8ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 4], ["LIMIT", 1]]
(0.1ms) begin transaction
ActiveStorage::Attachment Load (1.2ms) SELECT "active_storage_attachments".* FROM "active_storage_attachments" WHERE "active_storage_attachments"."record_id" = ? AND "active_storage_attachments"."record_type" = ? AND "active_storage_attachments"."name" = ? LIMIT ? [["record_id", 4], ["record_type", "User"], ["name", "avatar"], ["LIMIT", 1]]
User Destroy (3.9ms) DELETE FROM "users" WHERE "users"."id" = ? [["id", 4]]
(8.5ms) commit transaction
Redirected to http://localhost:3000/
Completed 302 Found in 43ms (ActiveRecord: 14.5ms | Allocations: 8406)

Started DELETE "/" for ::1 at 2019-08-17 22:43:49 +0200
You submitted the form using the DELETE method. Therefore, the user is being deleted. You must submit the form by the POST method.

Related

Ruby OAuth2 timeout error getting Token

I posted this on the issues page for the doorkeeper gem, but looking at it, I wonder if I should post here. Any help would be amazing, as I am completely stuck.
I have been following the wiki on doorkeeper and doing the "Testing your provider with OAuth2 gem" (https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem)
I am running rails 5.1.4, ruby 2.4.1, doorkeeper gem 4.2.6 and oauth2 v1.4.0.
I am having issues trying to do in code what is done in the testing wiki, which is to get an auth token.
My sessions controller:

def new
  session[:state] = 'some state sent from amazon'
  session[:client_id] = 'some client id'
  session[:client_secret] = 'some client secret'
  session[:redirect_uri] = "#{request.base_url}/oauth/callback"
end

def create
  user = User.find_by(email: params[:session][:email].downcase)
  if user && user.authenticate(params[:session][:password])
    if user.activated?
      log_in user
      redirect_to client.auth_code.authorize_url(:redirect_uri => session[:redirect_uri])
    end
  end
end

# route for /oauth/callback comes here
def callback
  token = client.auth_code.get_token(params[:code], :redirect_uri => session[:redirect_uri])
  # testing print to screen
  render json: token
end

private

def client
  OAuth2::Client.new(session[:client_id], session[:client_secret], :site => request.base_url)
end

So as a user I log in, I authorise the app, and then it times out and I get the following log for the whole flow:
Started GET "/login?client_id=<client_id>&response_type=code&state=<amazon state>&redirect_uri=https%3A%2F%2Fpitangui.amazon.com%2Fapi%2Fskill%2Flink%2FM2X1TLJOHDU07S" for 5.175.83.20 at 2017-10-23 13:36:35 +0100
Processing by SessionsController#new as HTML
Parameters: {"client_id"=>"<client_id>", "response_type"=>"code", "state"=>"<amazon state>", "redirect_uri"=>"https://pitangui.amazon.com/api/skill/link/M2X1TLJOHDU07S"}
Rendering sessions/new.html.erb within layouts/application
Rendered sessions/new.html.erb within layouts/application (1.5ms)
Rendered layouts/_shim.html.erb (0.5ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Rendered layouts/_header.html.erb (36.3ms)
Completed 200 OK in 121ms (Views: 107.5ms | ActiveRecord: 4.0ms)
Started POST "/login" for 5.175.83.20 at 2017-10-23 13:40:35 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"aR03Eo+jxzN+oDPrnOevHn6moTCSePoLAi2Ncc7pKbtxVQa6lLu+IzdEsfzrexpJVm6MdOugIQICyN2ZNS7hgw==", "session"=>{"email"=>"me@daviesp.co.uk", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log In"}
User Load (0.6ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 LIMIT $2 [["email", "me@daviesp.co.uk"], ["LIMIT", 1]]
Redirected to https://3751d64e.ngrok.io/oauth/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code
Completed 302 Found in 67ms (ActiveRecord: 0.6ms)
Started GET "/oauth/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code" for 5.175.83.20 at 2017-10-23 13:40:36 +0100
Processing by Doorkeeper::AuthorizationsController#new as HTML
Parameters: {"client_id"=>"<client_id>", "redirect_uri"=>"https://3751d64e.ngrok.io/oauth/callback", "response_type"=>"code"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Doorkeeper::Application Load (0.4ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 LIMIT $2 [["uid", "6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48"], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Doorkeeper::AccessToken Load (0.5ms) SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = $1 AND "oauth_access_tokens"."resource_owner_id" = $2 AND "oauth_access_tokens"."revoked_at" IS NULL ORDER BY created_at desc LIMIT $3 [["application_id", 11], ["resource_owner_id", 1], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
(0.2ms) BEGIN
Doorkeeper::AccessGrant Exists (0.6ms) SELECT 1 AS one FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = $1 LIMIT $2 [["token", "a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4"], ["LIMIT", 1]]
SQL (0.5ms) INSERT INTO "oauth_access_grants" ("resource_owner_id", "application_id", "token", "expires_in", "redirect_uri", "created_at", "scopes") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["resource_owner_id", 1], ["application_id", 11], ["token", "a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4"], ["expires_in", 600], ["redirect_uri", "https://3751d64e.ngrok.io/oauth/callback"], ["created_at", "2017-10-23 12:40:36.235539"], ["scopes", ""]]
(1.5ms) COMMIT
Redirected to https://3751d64e.ngrok.io/oauth/callback?code=a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4
Completed 302 Found in 14ms (ActiveRecord: 4.2ms)
Started GET "/oauth/callback?code=[FILTERED]" for 5.175.83.20 at 2017-10-23 13:40:36 +0100
Processing by SessionsController#oauth_call as HTML
Parameters: {"code"=>"[FILTERED]"}
Started POST "/oauth/token" for 5.175.83.20 at 2017-10-23 13:40:37 +0100
Completed 500 Internal Server Error in 60406ms (ActiveRecord: 0.0ms)
Faraday::TimeoutError (Net::ReadTimeout)
Can't for the life of me figure out why it works in irb but not in code. Here is what I do in irb:
irb(main):001:0> require 'oauth2'
=> true
irb(main):002:0>
irb(main):003:0* client_id = '6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48'
=> "6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48"
irb(main):004:0> client_secret = '937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086'
=> "937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086"
irb(main):005:0> redirect_uri = 'https://3751d64e.ngrok.io/oauth/callback'
=> "https://3751d64e.ngrok.io/oauth/callback"
irb(main):006:0> site = 'https://3751d64e.ngrok.io'
=> "https://3751d64e.ngrok.io"
irb(main):007:0> state = 'some state'
=> "some state"
irb(main):008:0> client = OAuth2::Client.new(client_id, client_secret, :site => site)
=> #<OAuth2::Client:0x007fa61414c4b0 @id="6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48", @secret="937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086", @site="https://3751d64e.ngrok.io", @options={:authorize_url=>"/oauth/authorize", :token_url=>"/oauth/token", :token_method=>:post, :auth_scheme=>:request_body, :connection_opts=>{}, :connection_build=>nil, :max_redirects=>5, :raise_errors=>true}>
irb(main):009:0> client.auth_code.authorize_url(:redirect_uri => redirect_uri)
=> "https://3751d64e.ngrok.io/oauth/authorize?client_id=6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code"
Even if I put that URI into the browser, it returns the access token:
{"token_type":"bearer","created_at":1508763209,"access_token":"38282cae5191923f1f358aece869e237d4d9742cdd7c918ae63104c57807a826","refresh_token":null,"expires_at":1508770409}
Again any help would be amazing!
So I found that in my dev environment, if I stopped using Puma and rails server and started using POW, the issue went away. I checked whether Puma was running as a single thread, but it was running 5 threads, so I'm not sure why this was happening.

POST "/admin/users/26/approve_vip" not working

I want to approve the user to be VIP, but when I press the button, the page refreshes and nothing changes. The log in the terminal is:
Started POST "/admin/users/26/approve_vip" for ::1 at 2016-12-12 16:33:22 +0800
Processing by Admin::UsersController#approve_vip as HTML
Parameters: {"authenticity_token"=>"qYrbaVH/cssY3VBYLw6Hd4wXl42Zz8OqkdHGGoITEeeWtbJ4ZOLOmJF/Jmpx70s9aaL5Yr0vFhqNV9kGHtILpA==", "user_id"=>"26"}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 4], ["LIMIT", 1]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 26], ["LIMIT", 1]]
SQL (1.4ms) UPDATE "users" SET "is_vip" = 't' WHERE "users"."id" = ? [["id", 26]]
(0.0ms) begin transaction
(0.0ms) commit transaction
DEPRECATION WARNING: `redirect_to :back` is deprecated and will be removed from Rails 5.1. Please use `redirect_back(fallback_location: fallback_location)` where `fallback_location` represents the location to use if the request has no HTTP referer information. (called from approve_vip at /Users/a1/JDDstore/app/controllers/admin/users_controller.rb:26)
Redirected to http://localhost:3000/admin/users
Completed 302 Found in 6ms (ActiveRecord: 1.7ms)
Started POST "/admin/users/26/approve_vip" for ::1 at 2016-12-12 15:41:47 +0800
Processing by Admin::UsersController#approve_vip as HTML
Parameters: {"authenticity_token"=>"uYc9hdEZaYCgfhdmYK3XnyK2lcraPpHWfuXcQ5cRtLyGuFSU5ATV0yncYVQ+TBvVxwP7Jf7eRGZiY8NfC9Cu/w==", "user_id"=>"26"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT ? [["id", 4], ["LIMIT", 1]]
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT ? [["id", 26], ["LIMIT", 1]]
(0.0ms) begin transaction
(0.0ms) commit transaction
DEPRECATION WARNING: `redirect_to :back` is deprecated and will be removed from Rails 5.1. Please use `redirect_back(fallback_location: fallback_location)` where `fallback_location` represents the location to use if the request has no HTTP referer information. (called from approve_vip at /Users/a1/JDDstore/app/controllers/admin/users_controller.rb:26)
Redirected to http://localhost:3000/admin/users
Completed 302 Found in 4ms (ActiveRecord: 0.3ms)
And the code in controller is
def approve_vip
  @user = User.find(params[:user_id])
  @user.is_vip = true
  @user.save
  redirect_to :back
end
Can you tell me why it does not change the role?
If you want to know more information, please let me know. Thank you very much for helping me.
It looks like you have some model callback (maybe before_save) which is preventing the record from being updated.
You can use update_column or update_columns to bypass the callbacks/validations and directly make an update query to your db.
def approve_vip
  @user = User.find(params[:user_id])
  # update_columns writes straight to the database, skipping validations and callbacks
  @user.update_columns(is_vip: true)
  redirect_to :back
end
You need to read the error message. Probably the user's validation failed.

def approv!
  update_attributes!(is_vip: true)
end

This code gives you an exception with the error message.

Can't get JSON data from Rails API

I make a GET request to http://localhost:3000/cars/1 but the server does not reply with JSON data. It says this:
Started GET "/api/cars/1" for 127.0.0.1 at 2016-10-07 12:47:34 +0600
Processing by Api::V1::CarsController#show as HTML
Parameters: {"id"=>"1"}
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."uid" = $1 LIMIT $2 [["uid", "sahidul03@gmail.com"], ["LIMIT", 1]]
Car Load (0.6ms) SELECT "cars".* FROM "cars" WHERE "cars"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Started GET "/" for 127.0.0.1 at 2016-10-07 12:47:34 +0600
Processing by Rails::WelcomeController#index as HTML
Parameters: {"internal"=>true}
(2.9ms) BEGIN
Rendering /home/sahidul/.rvm/gems/ruby-2.2.3/gems/railties-5.0.0.1/lib/rails/templates/rails/welcome/index.html.erb
Rendered /home/sahidul/.rvm/gems/ruby-2.2.3/gems/railties-5.0.0.1/lib/rails/templates/rails/welcome/index.html.erb (3.9ms)
Completed 200 OK in 11ms (Views: 10.2ms | ActiveRecord: 0.0ms)
(6.8ms) COMMIT
Completed 200 OK in 25ms (Views: 1.3ms | ActiveRecord: 11.8ms)
My controller method is like this:

def show
  car = Car.find(params[:id])
  render json: car
end

The front-end request is:

function getCar(id) {
  return $http.get($auth.domain + '/api/cars/' + id);
}

I use devise_token_auth gem in back-end and ng-token-auth in front-end
Append .json to the URL
$http.get($auth.domain + '/api/cars/' + id + '.json');
Hope that helps!

manage users by an admin in ruby on rails

How can I manage and edit other users' profiles as an admin, since I have one model and controller (users)?
I tried to add a new action called updateusers:

def updateusers
  @other_user = User.find(params[:id])
  if @other_user.update_attributes(otherusers_params)
    redirect_to '/'
  else
    redirect_to '/manage'
  end
end

The problem here: it is updating my admin user with the other_user's data.
stack trace
Started GET "/manage" for ::1 at 2016-03-19 21:06:08 +0300 Processing by UsersController#manage as HTML User Load (1.0ms) SELECT "users".* FROM "users" Rendered users/manage.html.erb within layouts/application (5.0ms) User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Completed 200 OK in 53ms (Views: 51.0ms | ActiveRecord: 1.0ms)
'Started GET "/users/10" for ::1 at 2016-03-19 21:06:10 +0300 Processing by UsersController#show as HTML Parameters: {"id"=>"10"} User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]] Rendered users/show.html.erb within layouts/application (0.0ms) User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Completed 200 OK in 37ms (Views: 36.0ms | ActiveRecord: 0.0ms)
Started GET "/editusers/10" for ::1 at 2016-03-19 21:06:11 +0300 Processing by UsersController#editusers as HTML Parameters: {"id"=>"10"} User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]] Rendered users/editusers.html.erb within layouts/application (4.0ms) User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Completed 200 OK in 41ms (Views: 39.0ms | ActiveRecord: 1.0ms)
Started PATCH "/users/10" for ::1 at 2016-03-19 21:06:15 +0300 Processing by UsersController#update as HTML Parameters: {"utf8"=>"✓", "authenticity_token"=>"6M1TGLQUEhiezCCg9/rT5IofdroMiQ0sm+bYcihgGDxTjDdFGU2Riou2pcRk5ncjCtFDGwfBj17Uq7gc0u329w==", "user"=>{"first_name"=>"g", "last_name"=>"g", "email"=>"g@g.g", "role"=>"editor", "image"=>"pic.png", "admins"=>""}, "other"=>"update", "id"=>"10"} User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Unpermitted parameters: role, admins
(0.0ms) begin transaction SQL (1.0ms) UPDATE "users" SET "first_name" = ?, "last_name" = ?, "email" = ?, "updated_at" = ? WHERE "users"."id" = ? [["first_name", "g"], ["last_name", "g"], ["email", "g@g.g"], ["updated_at", "2016-03-19 18:06:15.488284"], ["id", 1]] (47.0ms) commit transaction Redirected to localhost:8080/profile Completed 302 Found in 54ms (ActiveRecord: 48.0ms)
If it's updating the wrong user, it means that params[:id] is the id of the user being updated. Are you passing the id of the user you want to update in the params? Try calling puts params.inspect at the top of the controller action to see what data is being passed. You need to look up @other_user with their id and you need to make sure that @other_user's id is being passed with the other form data.
After 10 days, yes, I did it. The solution is in the name of the submit: I named the two submits with different names, <%= f.submit "update", name:"other" %>
Then I used the update action like this:
def update
  if params[:current]
    # submit named "current": the logged-in user's own profile form
    @user = current_user
    if @user.update_attributes(user_params)
      redirect_to '/profile'
    else
      redirect_to '/edit'
    end
  elsif params[:other]
    # submit named "other": the form for editing another user
    @other_user = User.find(params[:id])
    if @other_user.update_attributes(otherusers_params)
      redirect_to '/'
    else
      redirect_to '/manage'
    end
  end
end

how to manage users by an admin in ruby on rails

How can I manage and edit other users' profiles as an admin, since I have one model and controller (users)?
I tried to add a new action called updateusers:

def updateusers
  @other_user = User.find(params[:id])
  if @other_user.update_attributes(otherusers_params)
    redirect_to '/'
  else
    redirect_to '/manage'
  end
end

The problem here: it is updating my admin user with the other_user's data.
stack trace
Started GET "/manage" for ::1 at 2016-03-19 21:06:08 +0300 Processing by
UsersController#manage as HTML User Load (1.0ms) SELECT "users".* FROM
"users" Rendered users/manage.html.erb within layouts/application (5.0ms) User
Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1
[["id", 1]] Completed 200 OK in 53ms (Views: 51.0ms | ActiveRecord: 1.0ms)
'Started GET "/users/10" for ::1 at 2016-03-19 21:06:10 +0300 Processing by
UsersController#show as HTML Parameters: {"id"=>"10"} User Load (0.0ms) SELECT
"users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]] Rendered
users/show.html.erb within layouts/application (0.0ms) User Load (0.0ms) SELECT
"users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Completed 200
OK in 37ms (Views: 36.0ms | ActiveRecord: 0.0ms)
Started GET "/editusers/10" for ::1 at 2016-03-19 21:06:11 +0300 Processing
by UsersController#editusers as HTML Parameters: {"id"=>"10"} User Load (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]]
Rendered users/editusers.html.erb within layouts/application (4.0ms) User Load
(1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 41ms (Views: 39.0ms | ActiveRecord: 1.0ms)
Started PATCH "/users/10" for ::1 at 2016-03-19 21:06:15 +0300 Processing by
UsersController#update as HTML Parameters: {"utf8"=>"✓",
"authenticity_token"=>"6M1TGLQUEhiezCCg9/rT5IofdroMiQ0sm+bYcihgGDxTjDdFGU2Riou2pcRk5ncjCtFDGwfBj17Uq7gc0u329w==",
"user"=>{"first_name"=>"g", "last_name"=>"g",
"email"=>"g@g.g", "role"=>"editor", "image"=>"pic.png", "admins"=>""},
"other"=>"update", "id"=>"10"} User Load (0.0ms) SELECT "users".* FROM "users"
WHERE "users"."id" = ? LIMIT 1 [["id", 1]] Unpermitted parameters: role, admins
(0.0ms) begin transaction SQL (1.0ms) UPDATE "users" SET "first_name" = ?,
"last_name" = ?, "email" = ?, "updated_at" = ? WHERE "users"."id" = ?
[["first_name", "g"], ["last_name", "g"], ["email", "g@g.g"], ["updated_at",
"2016-03-19 18:06:15.488284"], ["id", 1]] (47.0ms) commit transaction Redirected
to localhost:8080/profile Completed 302 Found in 54ms (ActiveRecord: 48.0ms)
The user ID of the form in "editusers" is set to your admin (or logged in user). It's hard to say without seeing the code but I think you've set up the editusers form incorrectly. Perhaps using a hidden field to hold the ID of the user you want to update.
Try to avoid that and set up the @user object in the 'editusers' action: @user = User.find(10)
Then in your view use a form_for @user do |f| without any hidden fields for the ID.
After 10 days, yes, I did it. The solution is in the name of the submit: I named the two submits with different names, <%= f.submit "update", name:"other" %>, then I used the update action like this:
def update
  if params[:current]
    # submit named "current": the logged-in user's own profile form
    @user = current_user
    if @user.update_attributes(user_params)
      redirect_to '/profile'
    else
      redirect_to '/edit'
    end
  elsif params[:other]
    # submit named "other": the form for editing another user
    @other_user = User.find(params[:id])
    if @other_user.update_attributes(otherusers_params)
      redirect_to '/'
    else
      redirect_to '/manage'
    end
  end
end
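
In both postings of the admin question above, the update action picks its branch from the submit button's name, which the client sends, and the PATCH log shows `role` and `admins` dropped as unpermitted. As an added example (not code from the thread, and plain Ruby rather than a Rails controller), this models taking the target and the permitted attributes from the authenticated user's role and the route id instead; `User`, `SELF_ATTRS`, `ADMIN_ATTRS`, `Forbidden`, `authorize_update`, `apply_update` and the sample data are assumptions.

```ruby
# Added example, not from the thread. Plain Ruby model of the decision a
# PATCH /users/:id action has to make; every name here is hypothetical.
User = Struct.new(:id, :role, :first_name, :last_name, :email, keyword_init: true)

SELF_ATTRS  = %w[first_name last_name email].freeze  # a user may edit these on self
ADMIN_ATTRS = (SELF_ATTRS + %w[role]).freeze         # an admin may also set role

class Forbidden < StandardError; end

# Constructed sample data: user 1 is the admin, as in the thread's log.
def sample_users
  [User.new(id: 1,  role: "admin",  first_name: "a", last_name: "a", email: "a@example.test"),
   User.new(id: 10, role: "editor", first_name: "e", last_name: "e", email: "e@example.test"),
   User.new(id: 11, role: "editor", first_name: "f", last_name: "f", email: "f@example.test")]
    .map { |u| [u.id, u] }.to_h
end

# Constructed request, shaped like the PATCH /users/10 parameters in the log.
def sample_params
  { "id" => "10", "other" => "update",
    "user" => { "first_name" => "g", "last_name" => "g", "email" => "g@g.g",
                "role" => "editor", "image" => "pic.png", "admins" => "" } }
end

# Target and permitted attributes come from server-side facts only: the
# authenticated user and the route id. Submit-button names such as
# params["other"] are sent by the client and play no part in the decision.
def authorize_update(current_user, users, params)
  target = users.fetch(Integer(params.fetch("id"))) { raise Forbidden, "no such user" }
  allowed =
    if current_user.role == "admin"
      ADMIN_ATTRS
    elsif target.id == current_user.id
      SELF_ATTRS
    else
      raise Forbidden, "user #{current_user.id} may not edit user #{target.id}"
    end
  submitted = params.fetch("user", {})
  [target, submitted.slice(*allowed), submitted.keys - allowed]
end

# Applies only the permitted changes and reports what was dropped.
def apply_update(current_user, users, params)
  target, changes, rejected = authorize_update(current_user, users, params)
  changes.each { |attr, value| target[attr] = value }
  { updated_id: target.id, rejected: rejected }
end

if __FILE__ == $PROGRAM_NAME
  users = sample_users
  p apply_update(users[1], users, sample_params)    # admin edits user 10
  begin
    apply_update(users[11], users, sample_params)   # user 11 sends the same request
  rescue Forbidden => e
    puts "denied: #{e.message}"
  end
end
```

In a Rails controller the same split would sit in a before_action plus two strong-parameter lists, so that the admin record is never the implicit target of another user's form.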
