In my Rails app I've several controllers and each of them should send push notifications to mobile devices. To achieve this I use gem 'RPush' and everything was ok when I've had init RPush, send notifications, etc methods inside each controller. But now I decided to refactor the whole code and create module where all these methods will be stored. Suggested I must include my module in ApplicaitonController to make it's methods visible inside all cotrollers and I did it. Now I faced a problem Circular dependency detected while autoloading constant SpushHelper
My ApplicationController code:
class ApplicationController < ActionController::Base
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :null_session
include SPushHelper
create_push_apps
end
UsersController code:
class UsersController < ApplicationController
before_action :authenticate_root!, only: [:index,:destroy]
before_action :set_user, only: [:destroy]
def index
#users = User.all
end
def destroy
#user.destroy
redirect_to users_url
end
private
def set_user
#user = User.find(params[:id])
end
def user_params
params.require(:user).permit(:push_token, :uuid, :device_type)
end
end
and my SPushHelper code:
module SPushHelper
ANDROID_KEY = "my_android_key_here"
def create_push_apps
#create android push app instance
create_android_push_app
...
end
def create_android_push_app
if not(defined? #android_app)
#android_app = Rpush::Gcm::App.find_by_name("android_app")
if #android_app.nil?
#android_app = Rpush::Gcm::App.new
#android_app.name = "android_app"
#android_app.auth_key = ANDROID_KEY
#android_app.connections = 1
#android_app.save!
end
end
end
def send_push_to_android(notification)
get_users_tokens
n_android = Rpush::Gcm::Notification.new
n_android.app = Rpush::Gcm::App.find_by_name("android_app")
n_android.registration_ids = #users_tokens
n_android.data = notification
n_android.save!
end
def get_users_tokens
if not(defined?(#users))
#users = User.all
else
if #users.nil?
#users = User.all
end
end
if not(defined?(#users_tokens))
#users_tokens = []
end
#users.each do |u|
#users_tokens << u.push_token
end
end
end
The error looks weird because I'm not using SPushHelper at all.
What am I doing wrong?
Related
I've got a situation where User after successfully Sign up process (I'm using Devise gem) will have access only for two controllers until he passes all validation process. To check if validation process is in progress I'm using status column. If status == '' means validation is not finished.
I'm wondering how to implement such an access to only two pages? my first thought was Pundit gem but if I have 50 controllers I would need to implement 50 policies, inside of which I'll have numerous methods correspondent to controller actions. Is there any better way to do so?
[EDIT]
This is what I have so far:
class BaseController < ApplicationController
before_action :authorized_user
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
def authorized_user
policy_scope(current_user)
end
private
def user_not_authorized
flash[:alert] = 'You are not authorized to perform this action.'
redirect_to(request.referrer || root_path)
end
end
User policy:
class UserPolicy < ApplicationPolicy
class Scope < Scope
def resolve
return raise(Pundit::NotAuthorizedError) unless user.status == 'active'
scope.all
end
end
end
This Answer only works if your controllers inherit from ApplicationController.
Add a before_action to your ApplicationController which does something when the user is not validated. This triggers now on all controller actions.
class ApplicationController < ActionController::Base
before_action :require_validated
private
def require_validated
redirect_to somewhere_url unless current_user.status == 'validated'
end
end
To except specific controller you can skip_before_action
class SomeController < ApplicationController
skip_before_action :require_validated
# skip only for specific actions
skip_before_action :require_validated, only: [:new, :create]
end
Thanks to the suggestions in the comments from #tadam I ended up with below code:
#intermediate controller class
class BaseController < ApplicationController
before_action :authorized_user
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
def authorized_user
authorize :global, :only_active?
end
private
def user_not_authorized
flash[:alert] = 'You are not authorized to perform this action.'
redirect_to root_path
end
end
Global policy used in BaseController
class GlobalPolicy < ApplicationPolicy
def only_active?
active?
end
end
I have a user model which uses Devise for authentication and also have an administrator model, which also uses Devise.
I want administrators to be able to edit users profile via administrators/users/{user.id}/edit, however I want this process to be done through Devise Controllers, therefore I tried to inherit from the Users::RegistrationsController as shown below:
class Administrators::UsersController < Users::RegistrationsController
before_action :set_user, only: [:show,:edit,:update,:destroy]
def index
#users=User.all
end
def show
end
def new
super
end
def update
#user.update(user_params)
redirect_to [:administrators,:users]
end
but I get the following error:
Could not find devise mapping for path "/administrators/users". This may happen for two reasons: 1) You forgot to wrap your route inside the scope block. For example: devise_scope :user do get "/some/route" => "some_devise_controller" end 2) You are testing a Devise controller bypassing the router. If so, you can explicitly tell Devise which mapping to use: #request.env["devise.mapping"] = Devise.mappings[:user]
I tried to change the routes but I still get the same error.
Could you please help me?
Inheriting from Devise::RegistrationsController may initially seem like a good idea from a code reuse standpoint but it really not a very good idea.
The intent of the controllers is very different - Devise::RegistrationsController partially deals with an un-authenicated user - and the Devise controllers are scary beasts due to the amount of flexibility built in Devise.
Instead you should just setup a plain old CRUD controller as the task at hand is not very complex compared to clobbering over half of Devise::RegistrationsController.
# config/routes.rb
namespace :administrators do
resources :users
end
# app/controllers/administrators/base_controller.rb
module Administrators
class AuthorizationError < StandardError; end
class BaseController
respond_to :html
before_action :authenticate_user!
# Replace with the lib of your choice such as Pundit or CanCanCan
before_action :authorize_user!
rescue_from AuthorizationError, with: :unauthorized
private
def authorize_user!
raise AuthorizationError and return unless current_user.admin?
end
def unauthorized
redirect_to new_session_path, alert: 'You are not authorized.'
end
end
end
class Administrators::UsersController < Administrators::BaseController
before_action :set_user, only: [:show, :edit, :update, :destroy]
def show
end
def index
#users = User.all
end
def new
#user = User.new
end
def create
#user = User.create(user_params)
respond_with(:administrators, #user)
end
def edit
end
def update
#user.update(user_params)
respond_with(:administrators, #user)
end
def destroy
#user.destroy
respond_with(:administrators, #user)
end
private
def user_params
params.require(:user).permit(:email, :password, :password_confirmation)
end
end
Instead you may want to focus on reusing the views through partials for example.
See:
ActionController::Responder
Pundit
CanCanCan
I have two layouts Admin and Domain. And I don't need any extra configuration in Admin layout. but if user tries to access Domain layout they must be in their valid domain.
This means that, I need to customize all of my Domain policy to include both current_user as well as current_domain. I found this can be done with UserContext and pundit_user... so here is what I have done:
application_controller.rb
class ApplicationController < ActionController::Base
include Pundit
rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
def pundit_user
UserContext.new(current_user, current_domain)
end
def after_sign_out_path_for(resource)
root_path
end
def current_domain
#current_domain ||= Domain.where(name: requested_domain).first
end
helper_method :current_domain
private
def requested_domain
return request.env["SERVER_NAME"]
end
def user_not_authorized
# reset_session
flash[:alert] = "You are not authorized to perform this action"
redirect_to(request.referrer || root_path)
end
end
Note that, when I access Admin layout, current_domain will be nil and if I visit any routes of Domain layout, then current_domain will set to currently accessing domain.
user_context.rb
class UserContext
attr_reader :current_user, :current_domain
def initialize(current_user, current_domain)
#current_user = current_user
#current_domain = current_domain
end
end
PROBLEM
Suppose I have this policy:
user_policy.rb
class UserPolicy < ApplicationPolicy
attr_reader :user, :scope
def initialize(user, scope)
#user = user
#scope = scope
end
def index?
binding.pry # debugging
current_user.admin? ||
current_user.domain == current_domain
end
private
def current_user
# return user.is_a?(User) ? user : user.current_user
user.current_user
end
def current_domain
# return user.is_a?(User) ? nil : user.current_domain
user.current_domain
end
end
when application runs current_user and current_domain must available in UserPolicy as per documentation(https://github.com/elabs/pundit#additional-context).
But I am getting
undefined method `current_user' for #<User:0x007fcefbc2b150>
That means, still I have user object in it, not user.current_user and user.current_domain
Please let me know, if you need further description. What am I missing here?
It was my own dumb mistake.
PROBLEM
I had a before_filter call in domain/base_controller.rb something like:
class Domain::BaseController < ApplicationController
before_action :authenticate_user!
before_action :domain_exists?
before_action :verify_domain!
private
def verify_domain!
# PROBLEM: this line was updating pundit_user again to user object
raise Pundit::NotAuthorizedError unless DomainConsolePolicy.new(current_user, current_domain).authorized?
end
def domain_exists?
if current_domain.blank?
redirect_to root_path, alert: 'Domain that you provided is not valid or is permanently removed!'
end
end
end
SOLUTION:
I have used headless policy for this because now I have both current_user and current_domain set with pundit_user in application_controller
domain/base_controller.rb
class Domain::BaseController < ApplicationController
before_action :authenticate_user!
before_action :domain_exists?
before_action :verify_domain!
private
def verify_domain!
# SOLUTION
authorize :domain_console, :has_access?
end
def domain_exists?
if current_domain.blank?
redirect_to root_path, alert: 'Domain that you provided is not valid or is permanently removed!'
end
end
end
policy/domain_console_policy.rb
class DomainConsolePolicy < Struct.new(:user, :domain_console)
def has_access?
user.current_user.admin? ||
user.current_user.domain_id == user.current_domain.id
end
end
Thanks
How to set a before_action method with dynamic params, I keep getting an error wrong number of arguments (0 for 1)
class PagesController < ApplicationController
before_action :set_categories
before_action :redirect_if_path_has_changed, only: [:products, :detail]
def home
end
def products
#category = Category.find(params[:id])
#products = #category.products.order("created_at").page(params[:page]).per(6)
redirect_if_path_has_changed(products_by_category_path(#category))
end
def detail
#product = Product.find(params[:id])
redirect_if_path_has_changed(product_details_path(#product))
end
private
def set_categories
#categories = Category.all
end
def redirect_if_path_has_changed(path_requested)
redirect_to path_requested, status: :moved_permanently if request.path != path_requested
end
end
Thank you before
You can do it like this:
before_action only: [:products, :detail] do
redirect_if_path_has_changed("value")
end
Try this. The above works when you need to set any value or something before the action. In you case you want to first find the product or detail from database then you want to redirect to that path. So before_action just calls before the two actions which is not useful in your case.
I tried to execute some ruby code on each page of my application! I putet the hole code into my application controller:
class ApplicationController < ActionController::Base
protect_from_forgery
if Setting.exists?(1)
#setting = Setting.find(1)
else
redirect_to new_setting_path
end
end
This somehow wont work! The strange thing is that when i put the hole code into my application html it works:
<body>
<% if Setting.exists?(1)
#setting = Setting.find(1)
else
redirect_to new_setting_path
end %>
What do i have to change in my application controller?
ApplicationController is the correct place, but you should put your code in a before_filter :
class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :ensure_setting
private
def ensure_setting
#setting = Setting.where( id: 1 ).first or redirect_to( new_setting_path )
end
end