Middle man controller for Rails - ruby-on-rails

I have two application controllers for my app. One that holds all my internal information and checks to see if users are logged in.
The other application controller is under a namespace called external.
This controller allows users to go to certain URLs with a token, and the token represents a company that gets validated to see if the token belongs to a company. This way a user doesn't need to be logged in, they just need to know their unique token.
The problem that I am facing is that there are autocomplete methods that I want to reuse that belong to my main application controller, but this controller checks to see if users are logged in so I get a 401 if I try to search on the external side.
I know there is no double inheritance in Rails, but is there a way to kind of get a controller to belong to two different controllers? That way I can stick all my auto complete methods in this controller and both my Application controllers will be able to have access to it.
The main reason why I want to keep the auto complete methods in a controller is so that I can make routes to them and have the actions return JSON so that jQuery autocomplete can use this information.
Thank you guys in advance, and if I am thinking about this wrong, please let me know and any other ideas you may have to accomplish this.

You can accomplish this by creating a module with your auto complete methods (and whatever other methods you want to share between controllers) and include the module in the appropriate controllers.

    module ModuleName
      def some_method
        ...
      end
      ...
    end

In the controller:

    class ControllerName < ApplicationController
      include ModuleName
      ...
    end

some_method will be available in ControllerName and any other controller that includes the module.
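An added example, not part of the original question or answer: the shared-module approach with each controller keeping its own authentication check, so the autocomplete action is written once but only ever returns data for the company that the session or token resolved to. It uses plain-Ruby stand-ins for Rails controllers so it runs without Rails; every class, module and constant name and all sample data are assumptions made for illustration.

```ruby
require "digest"

# Constructed sample data (not from the page). Only token digests are stored,
# so a leaked lookup table does not reveal usable tokens.
PRODUCTS = { 1 => %w[anvil antenna], 2 => %w[anchor apple] }.freeze
TOKEN_DIGESTS = { Digest::SHA256.hexdigest("tok-acme") => 1 }.freeze
SESSIONS = { "sess-42" => 2 }.freeze # session id => company id of the logged-in user

# Shared action, written once. It does no authentication of its own: it relies
# on the including controller having set @company_id in its own check.
module Autocomplete
  def autocomplete(term)
    raise "authenticate before autocomplete" unless @company_id
    PRODUCTS.fetch(@company_id, []).select { |name| name.start_with?(term.to_s.downcase) }
  end
end

# Hypothetical stand-in for a Rails controller with a before_action:
# `call` runs the controller's own authenticate step, then the action.
class BaseController
  def initialize(request)
    @request = request
  end

  def call(action, *args)
    return [401, []] unless authenticate
    [200, public_send(action, *args)]
  end
end

# Internal side: requires a logged-in session.
class InternalSearchController < BaseController
  include Autocomplete
  private

  def authenticate
    @company_id = SESSIONS[@request[:session_id]]
  end
end

# External side: no login, but the token must resolve to a company.
class ExternalSearchController < BaseController
  include Autocomplete
  private

  def authenticate
    @company_id = TOKEN_DIGESTS[Digest::SHA256.hexdigest(@request[:token].to_s)]
  end
end
```

In a real Rails app the two `authenticate` methods would be `before_action` callbacks in the internal and external application controllers, and the module would live in `app/controllers/concerns`.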

Related

Should I have two Controllers when one of the models invariably is dependent of the other?

I have two models User and Project with a one-to-many association.
An instance (or collection) of Project is never "CRUD:ed" by itself, it's always in the context as a property of a @user.
Should Project still have its own Controller whose every action has to look up which User the request is for OR should I add project-related actions in the UsersController such as:

    class UsersController < ApplicationController
      def show_projects
        @user.projects
      end
    end

I will go for also having a controller for the Project model. If you think in RESTful actions then you can think of a call for something like /projects/1 (or another action with a URL appending /user like /user/{ID_user}/projects/1) to get the project with ID 1, and in the action that processes that request, checking user permission stuff. Also, for example, asking for /projects will process a call to get all of the user's projects.
I think that your Project model having a strong dependency on your User model doesn't mean that you can't CRUD your Project model. I suppose that somewhere in your app you are going to need to create Projects and that's going to be the place to put CRUD actions for the Project model. Maybe I'm wrong about this (having little information about your app, it's difficult to analyse your problem further) but your Project model sounds like a first class entity just like your User model.

Call inner controller actions and send params between them rails

I'm creating an API and I want the outside to have access only to the update method to actualize a report. But in case there is no report I want to create it. I know that the easy way to do it is to just create it inside the update method, but as I already have a create method built, I was wondering if it is possible to call it, also sending it some params.
I looked around, like here: Rails 3: Call functions inside controllers or the API, but I didn't find any good solution.
Does anyone have a better one?
Thank you very much in advance.
You should not call an action of your controller from another action.
Why? Because every action of a controller is defined to respond to a request, which has several attributes (such as IP, params, session, HTTP headers, etc.). Imagine how "weird" it would be to call an action from another in the Controller.
If you want to do "extra logic" which would not be related to the update action (for example, create), you should call a protected (accessible only via the Controller & its children) method of this controller.
In your case, you could do something like this:

    class ReportsController < ApplicationController
      def update
        @report = Report.where(id: params[:report_id]).first
        if @report.nil?
          create_report(params)
        else
          # etc.
        end
      end

      protected

      def create_report(params)
        Report.create(params)
      end
    end

Security and use actions in CakePHP

I'm new to CakePHP. I'm doing a web application in CakePHP 2.3.5; my application has several controllers with corresponding models in each controller. I have actions with their respective views, and other actions that are simply view-less functions used by other actions.
I have two questions:
One: one of these actions removes an entity. Is there any way that the user does not execute its actions through the browser by entering the URL (e.g. ... / estudiantes/delete/6)? Meaning that only actions can launch web browsing.
Two: I have several user pages, each belonging to a different role; of course there will be actions that a specific profile cannot use and others that it can. For this I use the function "IsAuthorized" on each controller, controlling every action and checking the user and the role they play using the session. Would that be right?

First question: yes, just change the delete action to protected or private and only other actions within your controller can access that. Or, if you're trying to use it with ajax or post, add this in the delete action:

    public function delete($id = null) {
        if ($this->request->is('ajax') || $this->request->is('post')) {
            // do delete
        } else {
            // redirect or throw error or sad face
        }
    }

Second question: yes.
Or you could use plugins, like ACL.

Model without View: do I need a Controller in Rails

I would like to have a Referral model, where user A can refer an Event X to user B. The way I plan to implement it is without Referral Views. I just have a Refer button on an events/show page for the create action, and have referred users in the users/show page for show. I don't see the need to create a view for referral.
From a design pattern point of view, is it OK to create a "refer" action in Events_Controller to invoke the create method in the Referral model, instead of sending it to a designated controller (i.e., Referrals_Controller), which will make the call to the Referral model?
More generally, should I create controller to allow other controllers to interact with my model, even if I don't need any views for this particular model?
Thank you.
The controller is where the HTTP requests come (after passing through Routing). No incoming requests == no controller. It is good when the controller complies with the REST scheme (index, show, create ...). But you can add non-REST actions as well (Rails Routing supports this: 3 Non-Resourceful Routes).
All interaction with the model should probably go in the model class. (Edit: I mean code)
You shouldn't create a controller to just forward calls to the model from other controllers. You can have several models per controller. Or several controllers per model.
Sometimes (if you know what you're doing) you can even call model methods from the view directly ("some rules can be bent, some can be broken" (c) Morpheus).

.NET custom authorize attribute (mvc)

In a certain controller I have CRUD methods. In order to access these methods the user needs to be logged in. This is why I used the [Authorize] attribute for this controller. Now I need an additional attribute which would check if the item that the user wants to view/delete/update belongs to him.
Is it possible and recommended to do this with an attribute, or would you suggest using check methods inside each method? If you suggest using an attribute, could you please provide me some links/instructions?
EDIT:
Of course, if the attribute returns false then I don't want to redirect the user to the login page but show him an error message...
It can be done with a custom Authorize attribute, but it's much cleaner to put the logic inside your controller methods.
The attribute is related to the action being called (the controller class method). On that basis any attribute relating to the user's ownership of the object being manipulated (from your Model) should really be on the entity/class that the user is attempting to manipulate. You'll probably find it easier to validate the user within the Model method rather than using an attribute to achieve this.
In my opinion it is possible, just google for 'Custom Authorize Attribute'.
But maybe it is better to query your database with something like this:

    ContextOrSession.Query<Something>().Where(s => s.Groups.Intersect(User.Groups).Count() > 0)
