I'm ripping my hair out with this one. I am getting an unpermitted params on a form_with with a nested resource. I am using Rails 5.2.1 and Ruby 2.5.
I am not sure where in the world I am going wrong with this. I have tried all sorts of variations of site_params but to no luck. Any help would be appreciated.
Here's my routes.rb:
resources :locations do
post 'sites', to: 'sites#custom_create', as: :site_custom
resources :sites, except: [:edit, :update, :show]
end
And the relevant Controller Functions:
def new
verify_site_name or return
#site = #location.sites.new
authorize #site
#available_site = AvailableSite.find_by(site_name: params[:site_name])
#finder_results = get_finder_results([:site_name], #location)
end
def create
verify_site_name or return
#site = #location.sites.new(site_params)
authorize #site
respond_to do |format|
if #site.save
format.html { redirect_to location_sites_path, notice: 'Location was successfully created.' }
format.json { render :show, status: :created, site: #site }
else
format.html { redirect_to location_sites_path, alert: "#{#site.errors.full_messages.first}" }
format.json { render json: #site.errors, status: :unprocessable_entity }
end
end
end
# Never trust parameters from the scary internet, only allow the white list through.
def site_params
params.permit(:location_id, :place_id, :site_name, :review_url)
end
# Use callbacks to share common setup or constraints between actions.
def set_site
#site = Site.find(params[:id])
end
def set_location
#location = Location.friendly.find(params[:location_id])
end
And of course, the form itself:
<%= form_with(model: [#location, #site], local: true, class: 'site-form') do |form| %>
<%= hidden_field_tag(:site_name, #available_site.site_name) %>
<div class="field md:w-3/4 lg:w-2/3 mx-auto text-left">
<%= form.text_field :review_url, class: 'text-input', placeholder: 'https://www.facebook.com/yourbusinessname/review/?ref=page_internal' %>
<span class="form-required">*required</span>
</div>
<%= form.submit "Manually Submit #{#available_site.site_name.titleize}", class: 'btn btn-green btn-outline' %>
<% end %>
And lastly, the log:
Started POST "/locations/tekamar-mortgages-ltd/sites" for 127.0.0.1 at 2018-12-03 15:30:57 +0000
Processing by SitesController#custom_create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"l/DjkUbVNyw+nrXxo1B/9IGru043Ftroxy8FcuNcZuxmJ7V3j0gC8njm5kpGPT8c7tMWSaAR/ler3cSHY+t8aA==", "site"=>{"site_name"=>"google", "review_url"=>"https://www.yelp.ca/biz/your-busines-sname?utm_campaign=www_business_share_popup&utm_medium=copy_link&utm_source=(direct)"}, "commit"=>"Create Site", "location_id"=>"tekamar-mortgages-ltd"}
Location Load (0.8ms) SELECT "locations".* FROM "locations" WHERE "locations"."slug" = $1 LIMIT $2 [["slug", "tekamar-mortgages-ltd"], ["LIMIT", 1]]
↳ app/controllers/sites_controller.rb:78
User Load (1.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 1], ["LIMIT", 1]]
↳ /Users/richsmith/.rvm/gems/ruby-2.5.1/gems/activerecord-5.2.1/lib/active_record/log_subscriber.rb:98
Unpermitted parameters: :utf8, :authenticity_token, :site, :commit
Redirected to http://localhost:3000/locations/tekamar-mortgages-ltd/sites
Completed 302 Found in 13ms (ActiveRecord: 2.6ms)
Try:
def site_params
params.require(:site).permit(:location_id, :place_id, :site_name, :review_url)
end
Params for site are nested in params[:site]. You should first take this hash out of all the params, and then call permit on it. Right now you're sanitizing all the params (that include some stuff you're clearly not interested in, as utf8 or authenticity_token).
Related
i got some error when trying to make relation between Post and Hashtag by m : n
all things fine but when try to save log prints like this
Started POST "/posts" for 127.0.0.1 at 2018-03-05 21:43:00 +0900
Processing by PostsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"DxRb+4PAfOsDTCEMx+BcBNKK/LWAH5NxwVh6n7OChtwBL/svUQVEBj7mrWdCYB2BIUHO/Gql9UC6mKLMMoPqEg==", "post"=>{"title"=>"please", "content"=>"please!!!!!", "hashtags_attributes"=>{"0"=>{"title"=>"hash1"}, "1"=>{"title"=>"hash2"}, "2"=>{"title"=>"hash3"}}}, "commit"=>"Create Post"}
Unpermitted parameter: hashtags_attributes
Unpermitted parameters: title, content
Hashtag Load (0.2ms) SELECT "hashtags".* FROM "hashtags" WHERE "hashtags"."title" = ? LIMIT ? [["title", "hash1"], ["LIMIT", 1]]
Unpermitted parameters: title, content
Hashtag Load (0.1ms) SELECT "hashtags".* FROM "hashtags" WHERE "hashtags"."title" = ? LIMIT ? [["title", "hash2"], ["LIMIT", 1]]
Unpermitted parameters: title, content
Hashtag Load (0.1ms) SELECT "hashtags".* FROM "hashtags" WHERE "hashtags"."title" = ? LIMIT ? [["title", "hash3"], ["LIMIT", 1]]
(0.0ms) begin transaction
SQL (0.3ms) INSERT INTO "posts" ("title", "content", "created_at", "updated_at") VALUES (?, ?, ?, ?) [["title", "please"], ["content", "please!!!!!"], ["created_at", "2018-03-05 12:43:00.937624"], ["updated_at", "2018-03-05 12:43:00.937624"]]
SQL (0.1ms) INSERT INTO "hashtags_posts" ("hashtag_id", "post_id") VALUES (?, ?) [["hashtag_id", 1], ["post_id", 2]]
(0.3ms) rollback transaction
Completed 500 Internal Server Error in 12ms (ActiveRecord: 1.4ms)
ActiveModel::MissingAttributeError (can't write unknown attribute `id`):
app/controllers/posts_controller.rb:36:in `block in create'
app/controllers/posts_controller.rb:35:in `create'
Rendering /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout
Rendering /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/_source.html.erb
Rendered /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/_source.html.erb (7.4ms)
Rendering /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
Rendered /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (2.0ms)
Rendering /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
Rendered /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (1.1ms)
Rendered /usr/local/var/rbenv/versions/2.4.1/lib/ruby/gems/2.4.0/gems/actionpack-5.0.6/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout (124.9ms)
i don't know why title content, and hashtags_attributes are unpermitted parameters. i set them in white list correctly
this is my codes
posts_controller.rb
def create
#post = Post.new(post_params)
3.times do |x|
tag = hashtag_params[:hashtags_attributes]["#{x}"]["title"]
a = Hashtag.find_or_create_by(title: tag)
#post.hashtags << a
end
respond_to do |format|
if #post.save
format.html { redirect_to #post, notice: 'Post was successfully created.' }
format.json { render :show, status: :created, location: #post }
else
format.html { render :new }
format.json { render json: #post.errors, status: :unprocessable_entity }
end
end
end
def hashtag_params
params.require(:post).permit(hashtags_attributes: [:title])
end
this is my post.rb
class Post < ApplicationRecord
has_and_belongs_to_many :hashtags
accepts_nested_attributes_for :hashtags
end
this is my hashtag.rb
class Hashtag < ApplicationRecord
has_and_belongs_to_many :posts
end
At last, my _form.html.erb
<%= form_for(post) do |f| %>
<% if post.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(post.errors.count, "error") %> prohibited this post from being saved:</h2>
<ul>
<% post.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :title %>
<%= f.text_field :title %>
</div>
<div class="field">
<%= f.label :content %>
<%= f.text_area :content %>
</div>
<div class="field">
<%= f.fields_for :hashtags do |h|%>
<%=h.label :title, "해시태그"%>
<%=h.text_field :title%>
<% end %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
You only need to specify post_params correctly:
def create
#post = Post.new(post_params)
respond_to do |format|
if #post.save
format.html { redirect_to #post, notice: 'Post was successfully created.' }
format.json { render :show, status: :created, location: #post }
else
format.html { render :new }
format.json { render json: #post.errors, status: :unprocessable_entity }
end
end
end
def post_params
params.require(:post).permit(:title, :content, hashtags_attributes: [:id, :title])
end
You can read more here
And you need to change your migration
class CreateJoinTableHashtagsPosts < ActiveRecord::Migration[5.0]
def change
create_join_table :hashtags, :posts do |t|
t.index :hashtag_id
t.index :post_id
end
end
end
After it you need to run rake db:rollback && rake db:migrate.
Or you can use rake db:drop && rake db:create && rake db:migrate to recreate db from scratch, in this case you lose all existing data
Edit: Main problem was that when I added the reference fields, I did theater:reference and not theater:references so the field was not marked as a foreign key. Once I undid those migrations and redid them correctly, I was able to make this work.
In my showtimes controller, I am trying to automatically set the theater id to whatever theater owns the screen that the user inputed, but when I try to save it as an integer or a string, I get an error. Yet, when I try to save it as a theater object, I get "Unpermitted parameter: theater" from the console and a "Theater must exist" error from the rails application.
showtimes_controller:
class ShowtimesController < ApplicationController
before_action :set_theater, only: [:create, :edit]
before_action :set_showtime, only: [:show, :edit, :update, :destroy]
# GET /showtimes
# GET /showtimes.json
def index
#showtimes = Showtime.all
end
# GET /showtimes/1
# GET /showtimes/1.json
def show
end
# GET /showtimes/new
def new
#showtime = Showtime.new
end
# GET /showtimes/1/edit
def edit
end
# POST /showtimes
# POST /showtimes.json
def create
#showtime = Showtime.new(showtime_params)
respond_to do |format|
if #showtime.save
format.html { redirect_to #showtime, notice: 'Showtime was successfully created.' }
format.json { render :show, status: :created, location: #showtime }
else
format.html { render :new }
format.json { render json: #showtime.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /showtimes/1
# PATCH/PUT /showtimes/1.json
def update
respond_to do |format|
if #showtime.update(showtime_params)
format.html { redirect_to #showtime, notice: 'Showtime was successfully updated.' }
format.json { render :show, status: :ok, location: #showtime }
else
format.html { render :edit }
format.json { render json: #showtime.errors, status: :unprocessable_entity }
end
end
end
# DELETE /showtimes/1
# DELETE /showtimes/1.json
def destroy
#showtime.destroy
respond_to do |format|
format.html { redirect_to showtimes_url, notice: 'Showtime was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_showtime
#showtime = Showtime.find(params[:id])
end
def set_theater
screenInfo = Screen.where("id = ?", params[:showtime][:screen])
params['showtime']['theater'] = Theater.find(screenInfo[0]['theater_id'])
end
# Never trust parameters from the scary internet, only allow the white list through.
def showtime_params
params.require(:showtime).permit(:date, :time, :archived, :movie_id, :theater, :screen)
end
end
showtimes model:
class Showtime < ApplicationRecord
belongs_to :movie
belongs_to :theater
end
Showtimes _form
<%= form_for(showtime) do |f| %>
<% if showtime.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(showtime.errors.count, "error") %> prohibited this showtime from being saved:</h2>
<ul>
<% showtime.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :date %>
<%= f.date_select :date %>
</div>
<div class="field">
<%= f.label :time %>
<%= f.time_select :time %>
</div>
<div class="field">
<%= f.label :archived %>
<%= f.check_box :archived %>
</div>
<div class="field">
<%= f.label :movie_id %>
<%= f.text_field :movie_id %>
</div>
<div class="field">
<%= f.label :screen %>
<%= f.text_field :screen %>
</div>
<%= f.hidden_field :theater, :value => "" %>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
Error when trying to save as integer:
Theater(#70015922237640) expected, got Fixnum(#11723820)
Error when trying to save as string:
Theater(#70015868755420) expected, got String(#11739240)
Logs when trying to save as Theater object:
Started POST "/showtimes" for IP at 2016-11-08 20:22:37 +0000
Processing by ShowtimesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"nENPV5d6YRXdcx3H+Xa9ZypGtyFlaTg+zyENGB10TmW9OyWxLR9Dsl7nDoG9irq+3qApiNA2/oEqL5RZ0SXorA==", "showtime"=>{"date(1i)"=>"2016", "date(2i)"=>"11", "date(3i)"=>"8", "time(1i)"=>"2016", "time(2i)"=>"11", "time(3i)"=>"8", "time(4i)"=>"20", "time(5i)"=>"22", "archived"=>"0", "movie_id"=>"2", "screen"=>"1", "theater"=>""}, "commit"=>"Create Showtime"}
[1m[36mScreen Load (0.3ms)[0m [1m[34mSELECT "screens".* FROM "screens" WHERE (id = '1')[0m
[1m[36mTheater Load (0.2ms)[0m [1m[34mSELECT "theaters".* FROM "theaters" WHERE "theaters"."id" = ? LIMIT ?[0m [["id", 1], ["LIMIT", 1]]
Unpermitted parameter: theater
[1m[35m (0.1ms)[0m [1m[36mbegin transaction[0m
[1m[36mMovie Load (0.2ms)[0m [1m[34mSELECT "movies".* FROM "movies" WHERE "movies"."id" = ? LIMIT ?[0m [["id", 2], ["LIMIT", 1]]
[1m[35m (0.2ms)[0m [1m[31mrollback transaction[0m
Rendering showtimes/new.html.erb within layouts/application
Rendered showtimes/_form.html.erb (13.6ms)
Rendered showtimes/new.html.erb within layouts/application (16.4ms)
Completed 200 OK in 323ms (Views: 86.5ms | ActiveRecord: 3.9ms)
How the hell do I save this parameter?
Have you tried assigning your object to an instance variable, and assigning it before saving?
On your before_action
def set_theater
#theather = ... # Code to find the theather
end
On your create action
def create
#showtime = Showtime.new(showtime_params)
#showtime.theather = #theather
... # Code to save and handle errors
end
You use theater instead of theater_id in several places in your code, and you'll need to change it in all the places, in order for this to work.
Firstly - you can't select a theater in our form... html doesn't recognise a type of theaterand will not pass one through - so your form needs to pass the theater_id instead (which will be an integer that it happily can deal with).
# eg here make sure it's a theater_id
<%= f.hidden_field :theater_id, :value => #theater.id %>
next - your require/permit is probably what's throwing some errors - you need that to be theater_id as well:
def showtime_params
params.require(:showtime).permit(:date, :time, :archived, :movie_id, :theater_id, :screen)
end
Now you need to fetch the theater out, using the screen-info param - but also keep in mind that this might come through as nil some times (so a guard-clause is always good):
def set_theater
if params[:showtime].present? && params[:showtime][:screen_id].present?
screen_info = Screen.find(params[:showtime][:screen_id])
#theater = Theater.find(screenInfo.theater_id)
end
end
Note: I have updated naming-schemes to be rail-standard and removed the thing where you try to set the theatre in params as below:
params['showtime']['theater'] = Theater.find(screenInfo[0]['theater_id'])
I don't know what you're actually trying to do with this line of code, but whatever it is, params doesn't work that way - consider that params is "the set of things that were passed through to us from the user, and are then thrown away" - we don't use it to store new values that we create ion the controller. That's what #variables are for
Can you explain more what you're trying to do and we'll figure out the right way to do it :)
I'm building a facebook clone, and I'm trying to have a text area on each user's page to allow them to make posts. I've tried a whole bunch of different things with no success, but right now I am getting this error when trying to access the user's show page:
First argument in form cannot contain nil or be empty
with this code:
Rails.application.routes.draw do
resources :friends, only: [:index, :destroy]
resources :posts
resources :friend_requests
devise_for :users
devise_scope :user do
root 'devise/sessions#new'
end
resources :users, only: [:index, :show] do
resources :posts
end
get 'about', to: 'static_pages#about'
# For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html
end
_post_form.html.erb
<%= form_for [#user, #post] do |f| %>
<%= f.text_area :content, size: "60x12", placeholder: "What do you want to say?" %>
<%= f.submit "Post" %>
<% end %>
class PostsController < ApplicationController
def index
#posts = Post.all
end
def new
#post = Post.new
#user = User.find(params[:user_id])
end
def create
#post = current_user.posts.build(post_params)
if #post.save
flash[:success] = "Posted!"
redirect_to user_path(current_user)
else
flash[:notice] = "Post could not be submitted"
redirect_to users_path
end
end
private
def post_params
params.require(:post).permit(:content)
end
end
class UsersController < ApplicationController
def index
#users = User.all
end
def show
#user = User.find(params[:id])
end
end
users/show.html.erb
<h4>You are signed in as <%= current_user.email %>! </h4>
<% if #user == current_user %>
<%= render "notifications" %>
<%= render 'shared/post_form' %>
<% end %>
<%= params.inspect %>
<%= current_user.id %>
server log:
Processing by UsersController#show as HTML
Parameters: {"id"=>"4"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 4], ["LIMIT", 1]]
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 4], ["LIMIT", 1]]
Rendering users/show.html.erb within layouts/application
FriendRequest Load (0.5ms) SELECT "friend_requests".* FROM "friend_requests" WHERE "friend_requests"."friend_id" = $1 ORDER BY "friend_requests"."id" ASC LIMIT $2 [["friend_id", 4], ["LIMIT", 1000]]
Rendered users/_notifications.html.erb (2.0ms)
Rendered shared/_post_form.html.erb (3.0ms)
Rendered users/show.html.erb within layouts/application (10.2ms)
Completed 500 Internal Server Error in 23ms (ActiveRecord: 1.3ms)
ActionView::Template::Error (First argument in form cannot contain nil or be empty):
1: <%= form_for [#user, #post] do |f| %>
2: <%= f.text_area :content, size: "60x12", placeholder: "What do you want to say?" %>
3: <%= f.submit "Post" %>
4: <% end %>
app/views/shared/_post_form.html.erb:1:in `_app_views_shared__post_form_html_erb___99030300856795657_70237723952000'
app/views/users/show.html.erb:5:in `_app_views_users_show_html_erb___3196827877852207953_70237724137160'
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- 5.0.0.1/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb within rescues/layout
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- 5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_source.html.erb
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_source.html.erb (6.7ms)
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- 5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (5.0ms)
Rendering /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack-5.0.0.1/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (1.1ms)
Rendered /usr/local/lib/ruby/gems/2.3.0/gems/actionpack- `5.0.0.1/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb within rescues/layout (96.4ms)
You say that your form is having a problem rendering on the user's show page. If you have this form w/ nested resource setup like this:
form_for [#user, #post]
It means your form needs access to both the #user and the #post instance variable whereever the form is to be rendered. In this case, it is in the show action in your users controller. So your users controller should have something like this:
def show
#user = User.find(params[:id])
#post = #user.posts.build
end
I'm assuming your _post_form is loaded when you go to your posts#new route which is handled by this posts controller action:
def new
#post = Post.new
#user = User.find_by(id: params[:id])
end
Nested routes (in this case user > post) place the parent resource's id in the param resource_id, in you case it would be params[:user_id]. So, essentially, change this line:
#user = User.find_by(id: params[:id])
...to:
#user = User.find(params[:user_id])
That will access the correct id in the params and will cause an exception if no user was found (by using find instead of find_by), that will alert you to the any problem before you get to the view rendering. In your case the #user was nil and you got the form_for error you posted.
Update
I see from your logs you are going to the users#show action, which is this one:
def show
#user = User.find(params[:id])
end
as you can see, you're not setting the #post variable which you're passing to the form here:
form_for [#user, #post]
Add this to you action:
def show
#user = User.find(params[:id])
#post = Post.new
end
I am using ruby on rails try to update user information, but when I submit, the console will show an error saying the user exists and redirect to the correct page. What's wrong with my code?
The error message:
Started PATCH "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"sJm38g36DAYDo4eXdpcIPRX0e40Jp6cECmMwEvhCAEhTlDwwmmgOfXZqeczglNmJ4K9pQXiyXAsRsgP/C8lScg==", "name"=>"test123", "department"=>"123", "commit"=>"Update User", "id"=>"6"}
User Load (0.1ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]] CACHE (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", "6"]] (0.1ms)
begin transaction
User Exists (0.2ms)
SELECT 1 AS one FROM "users" WHERE ("users"."email" = 'test#test.com' AND "users"."id" != 6) LIMIT 1 (0.1ms)
rollback transaction
Redirected to http://localhost:3000/users/6
Completed 302 Found in 9ms (ActiveRecord: 0.5ms)
Started GET "/users/6" for ::1 at 2015-06-08 21:27:00 -0500
Processing by UsersController#show as HTML
Parameters: {"id"=>"6"} User Load (0.1ms)
SELECT "users".* FROM "users" WHERE "users"."id"
= ? LIMIT 1 [["id", 6]]
Rendered users/show.html.erb within layouts/application (0.1ms)
User Load (0.2ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]] CACHE (0.0ms)
SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 6]]
Completed 200 OK in 66ms (Views: 64.3ms | ActiveRecord: 0.3ms)
The edit page
<h1 class="center">Edit name</h1>
<div class="row">
<div class="col-md-6 col-md-offset-3">
<%= form_tag "/users/#{#user.id}", :method => 'patch' do %>
<p>
<%= label_tag :name %>
<%= text_field_tag :name, #user.name %>
</p>
<p>
<%= label_tag :department %>
<%= text_field_tag :department, #user.dept %>
</p>
<input type="submit" name="commit" value="Update User">
<% end %>
</div>
</div>
The controller is like this
class UsersController < ApplicationController
before_action :authorize, only: [:show, :edit, :update]
def authorize
#user = User.find_by(id: params[:id])
if #user.blank? || session[:user_id] != #user.id
redirect_to root_url, notice: "Nice try!"
end
end
def new
#user = User.new
end
def show
end
def edit
end
def update
#user = User.find_by(id: params[:id])
#user.name = params[:name]
#user.dept = params[:department]
#user.save
redirect_to user_path(#user.id)
end
def create
#user = User.new(email: params[:email],
name: params[:name],
password: params[:password],
role: params[:role],
dept: params[:dept])
if #user.save
redirect_to root_url, notice: "Thanks for signing up."
else
render "new"
end
end
end
The router concerning this part is like:
# sign up
get '/signup' => 'users#new'
post '/users' => 'users#create'
get '/users/:id' => 'users#show', as: :user
get '/users/:id/edit' => 'users#edit', as: 'edit_user'
patch '/users/:id' => 'users#update'
The problem is in the form_tag,it should be like this
<%= form_tag({:action => :update}, {:method => :patch}) do %>
Also your code for form_tag looks vulnerable. Changing it to like this will be better.
<%= form_tag update_user_path(#user) do %>
or
<%= form_tag user_path(#user), :method => :patch do %>
Are you using rails 4?
You should update your controller to conform to strong_parameters if you are.
def update
#user = User.find(params[:id)
if #user.update_attributes(user_params)
redirect_to user_path(#user.id)
else
render :edit
end
end
private
def user_params
params.require(:user).permit(:name, :dept)
end
Doing this will mean that you have to wrap your name and dept params inside a user scope, eg.
user: { name: "Howard Moon", dept: "Zookeeper" }
But is the standard way to handle params in the controller.
Hope this helps!
EDIT: Link to Strong Parameters which does a better job at explaining this than I can. Haha
I'm new to rails and having trouble getting my edit form to update attributes.
Here is my routes.rb for project and note:
resources :projects do
resources :notes
end
And this is my form_for in views/notes/edit.html.erb:
<%= form_for [#project, #note] do |f| %>
<div class="form-group">
<%= f.label :title %>
<%= f.text_field :title, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :body %>
<%= f.text_area :body, rows: 10, class: "form-control" %>
</div>
<div class="action">
<%= f.submit "Save Note", class: "btn btn-success" %>
</div>
<% end %>
And finally this is my notes_controller.rb:
class NotesController < ApplicationController
before_action :find_note, only: [:show, :edit, :update, :destroy]
def index
#notes = Note.all
end
def new
#project = Project.find(params[:project_id])
#note = #project.notes.new
end
def create
#project = Project.find(params[:project_id])
#note = #project.notes.build(note_params)
#note.project = #project
#note.save ? flash[:notice] = "Note created." : flash[:error] = "Note could not be created, please try again."
redirect_to [current_user, #project]
end
def show
end
def edit
end
def update
if #note.update_attributes(note_params)
#note.save
flash[:notice] = "Note updated."
redirect_to authenticated_root_path
else
flash[:error] = "Could not update note."
render :edit
end
end
def destroy
#note.delete ? flash[:notice] = "Note deleted." : flash[:error] = "Note could not be deleted."
redirect_to user_project_path
end
private
def note_params
params.require(:note).permit(:title, :body)
end
def find_note
#project = Project.find(params[:project_id])
#note = #project.notes.find(params[:id])
end
end
This is what my terminal is outputting:
Started GET "/projects/12/notes/13/edit?utf8=%E2%9C%93&_method=patch&authenticity_token=vnIoOSi0ksMNI7uU0aMnBpkTBWi75wy%2BYvbs3RxO5sPIbvFzDA30%2B32dJxurdcsiu9zsIpuDCR%2FARUamBRrYmg%3D%3D¬e%5Btitle%5D=Transporter+Materials¬e%5Bbody%5D=Star+dust%2C+data&commit=Save+Note" for 127.0.0.1 at 2015-05-25 08:38:16 -0700
Processing by NotesController#edit as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"vnIoOSi0ksMNI7uU0aMnBpkTBWi75wy+Yvbs3RxO5sPIbvFzDA30+32dJxurdcsiu9zsIpuDCR/ARUamBRrYmg==", "note"=>{"title"=>"Transporter Materials", "body"=>"Star dust, data"}, "commit"=>"Save Note", "project_id"=>"12", "id"=>"13"}
Project Load (0.2ms) SELECT "projects".* FROM "projects" WHERE "projects"."id" = ? LIMIT 1 [["id", 12]]
Note Load (0.2ms) SELECT "notes".* FROM "notes" WHERE "notes"."project_id" = ? AND "notes"."id" = ? LIMIT 1 [["project_id", 12], ["id", 13]]
Rendered notes/edit.html.erb within layouts/application (3.4ms)
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 1]]
Completed 200 OK in 328ms (Views: 296.4ms | ActiveRecord: 2.3ms)
Thanks in advance for any suggestions.
If you are using #project.notes.build(note_params).
No need of this #note.project = #project in create action
and in update
if you are using #note.update_attributes(note_params)
this is not required #note.save
and its better try to debug it using #note.update_attributes!(note_params)
it will give you why its not able to save.
<%= form_for [#project, #note], :url => project_note_path(#project,#note), :method => :put do |f| %>