Develop Reference

force strong parameter value

how to insert parameter value manually from controller,
this my controller
def new
#new_post = Post.new(params[:title])
end
def create
#new_post = Post.new(new_post_params)
if #new_post.save
flash[:success] = 'Post created!'
redirect_to home_url
else
flash[:danger] = #new_post.errors.full_messages.to_sentence
redirect_to home_url
end
end
private
def new_post_params
params.require(:post).permit(
:title,
poster_id: current_user.id,
poster_name: current_user.name
)
end
my form view like this
form_for #new_post do |f|
f.text_area :title
end
tired using this method, poster_id and poster_name still blank
def new_post_params
params.require(:post).permit(
:title,
poster_id: current_user.id,
poster_name: current_user.name
)
end

Try this
params.require(:post).permit(:title).merge(
{
poster_id: current_user.id,
poster_name: current_user.name
}
)

def new_post_params
params[:post][:poster_id] = current_user.id
params[:post][:poster_name] = current_user.name
params.require(:post).permit(
:title,
:poster_id,
:poster_name
)
end

Stripe Cancel User Subscription

Completely banging my head against the wall trying to figure out how to cancel a user subscription. I have been all through StackOverflow and cant seem to find anything to help. Because I am fairly new to RoR the Stripe API only confuses me a bit more. I do understand that I need to capture and save the user ID somehow before i can cancel. I have not been able to figure this out...hence why i cant cancel subscriptions. HELP PLEASE
Subscribe_controller.rb
class SubscribeController < ApplicationController
before_filter :authenticate_user!
def new
unless (params[:plan_id] == '1' || params[:plan_id] == '2' || params[:plan_id] == '3')
flash[:notice] = "Please select a plan to sign up."
redirect_to new_subscribe_path
end
end
def update
# Amount in cents
token = params[:stripeToken]
customer = Stripe::Customer.create(
:email => current_user.email,
:card => token,
plan: params[:id]
)
current_user.subscribed = true
current_user.stripe_id = customer.id
current_user.save
redirect_to demo_path, notice: "Your Plan was created. Enjoy the demo!"
end
def cancel_plan
#user = current_user
if #user.cancel_user_plan(params[:customer_id])
#user.update_attributes(customer_id: nil, plan_id: 1)
flash[:notice] = "Canceled subscription."
redirect_to pricing_path
else
flash[:error] = "There was an error canceling your subscription. Please notify us."
redirect_to edit_user_registration_path
end
end
def update_plan
#user = current_user
if (params[:user][:stripe_id] != nil) && (params[:plan] == "2")
#user.update_attributes(plan_id: params[:plan], email: params[:email], stripe_id: params[:user][:stripe_id])
#user.save_with_payment
redirect_to edit_user_registration_path, notice: "Updated to premium!"
else
flash[:error] = "Unable to update plan."
redirect_to :back
end
end
end
User_controller.rb
class UsersController < ApplicationController
before_action :authenticate_user!
def update
if current_user.update_attributes(user_params)
flash[:notice] = "User information updated"
redirect_to edit_user_registration_path
else
flash[:error] = "Invalid user information"
redirect_to edit_user_registration_path
end
end
private
def user_params
params.require(:user).permit(:name)
end
end
Edit User Info Page
<div class="col-md-9 text-center">
<h2>Manage Plan</h2>
</div>
<div class="text-center">
<%= button_to "Cancel my account", cancel_plan_path, :data => { :confirm => "Are you sure?" }, :method => :delete, class: "btn btn-danger" %>
<button class="btn-lg btn btn-primary" disabled="disabled">Update Plan</button>
</div>
Routes.rb
get 'cancel_plan' => 'subscribe#cancel_plan'
resources :subscribe
devise_for :users

I am sure that you have seen this before stripe cancel subscription
first you have to get the customer the you can find there subscriptions so you can delete it
# Definition
customer = Stripe::Customer.retrieve({CUSTOMER_ID})
customer.subscriptions.retrieve({SUBSCRIPTION_ID}).delete
# Example
require "stripe"
Stripe.api_key = "sk_test_fSaKtH5qZMmhyXiF7YXup2wz"
customer = Stripe::Customer.retrieve("cus_5LXt66ikj5nYz5")
# customer.subscriptions returns a list of all subscriptions
customer.subscriptions.retrieve("sub_5TGMEBBALjNcD6").delete

Ultimate Answer
token = params[:stripeToken]
customer = Stripe::Customer.create(
:email => current_user.email,
:card => token,
plan: params[:id]
)
current_user.subscribed = true
current_user.stripe_id = customer.id
current_user.stripe_subscription_id = customer.subscriptions['data'][0].id
current_user.plan_name = customer.subscriptions['data'][0].plan.name
current_user.save
redirect_to demo_path, notice: "Your Plan was created. Enjoy the demo!"

In order to make this easier, you need to store the stripe_id and subscription_id in your database. Hence, after creating the columns stripe_id and subscription_id in your User model, you will have to save that:
customer = Stripe::Customer.create({
email: params[:stripeEmail],
source: params[:stripeToken],
plan: params[:plan]
})
subscription_id = customer.subscriptions['data'][0].id
user.update_attributes(stripe_id: customer.id, subscription_id: subscription_id)
Now you can always call the user's subscription since you have its id:
user = current_user
stripe_subscription = Stripe::Subscription.retrieve(user.subscription_id)
stripe_subscription.delete
If you only have the customer_id in your database, you can:
user = current_user
stripe_customer = Stripe::Customer.retrieve(user.stripe_id)
stripe_subscription = stripe_customer.['data'][0].delete

Cancan - can't save data for other roles - Ruby on Rails

can you help my to fix my problem. I can save data if the user is managing partner but when I choose other roles, (like secretary), I can't save data to the database.
I think, there's a problem here. This is my codes:
def profile
#office = Office.last
#partial = (params[:type].present?) ? params[:type] : "work_data"
#user = User.find(params[:id])
#user.is_managing_partner = true if current_user.role == 'managing partner'
end
def update_profile
#office = Office.last
#user = User.find(params[:id])
#user.is_managing_partner = true
if #user.update_attributes(user_params)
flash[:success] = "Profile updated"
case params[:type]
when 'work_data'
redirect_to profile_user_path(type: "personal_data")
when 'personal_data'
redirect_to root_path
end
else
#partial = (params[:type].present?) ? params[:type] : "work_data"
render json: #user.errors, status: :unprocessable_entity
end
end
and this is my application_controller.rb
rescue_from CanCan::AccessDenied do |exception|
#office = Office.last
#user = User.find(params[:id])
if #user == current_user
#partial = (params[:type].present?) ? params[:type] : "work_data"
authorize! :read, #user
render 'profile'
else
flash[:warning] = "Access Denied."
redirect_to root_url
end
end
and this is my ability.rb
if user.role == 'managing partner'
can :manage, :all
else
if user.role == "secretary"
can :update, :user_id => user.id
end
can :read, :all
end

In your ability.rb the 'can :update, :user_id => user.id' row is wrong. You have to specify WHAT he can update:
can :update, WHAT, :user_id => user.id

Devise Forget password routing error

I have internal messages in my application. I am using devise and I have installed password module but did not configured it yet. when I tried to press on Forget Password? I got this error:
No route matches {:controller=>"messages", :mailbox=>:inbox, :user_id=>nil}
So what I need is: How to solve this problem ? and How to make the forget password feature works for action mailer so user can reset his password using the email which saved in the database.
Note: Before installing internal messages into my app , when i tried to click forget password link it was redirecting normally.
I am using another controller for registration instead of that one by devise and on signup , users are added by admin.
this is from my routes file
devise_for :users, :controllers => { :registrations => "users" }
resources :users, only: [:index, :new, :create, :show, :destroy, :edit, :update] do |user|
resources :messages do
collection do
post 'delete_multiple'
end
end
end
Forget Password link
<%- if devise_mapping.recoverable? && controller_name != 'passwords' %>
<%= link_to "Forgot your password?", new_password_path(resource_name), :class => "btn btn-danger" %><br />
<% end -%>
Users_Controller.rb
class UsersController < ApplicationController
load_and_authorize_resource
def index
#users = User.all
#users_grid = initialize_grid(User,
:per_page => 5)
end
def show
#user = User.find(params[:id])
end
def new
#user = User.new
end
def create
#user = User.new(params[:user])
if #user.save
flash[:notice] = 'A new user created successfully.'
redirect_to users_path
else
flash[:error] = 'An error occurred please try again!'
redirect_to users_path
end
end
def edit
#user = User.find(params[:id])
end
def update
#user = User.find(params[:id])
if #user.update_attributes(params[:user])
flash[:notice] = 'Profile updated'
redirect_to users_path
else
render 'edit'
end
end
def destroy
#user = User.find(params[:id])
if current_user == (#user)
flash[:error] = "Admin suicide warning: Can't delete yourself."
else
#user.destroy
flash[:notice] = 'User deleted'
redirect_to users_path
end
end
end
Messaages_controller.rb
class MessagesController < ApplicationController
before_filter :set_user
def index
if params[:mailbox] == "sent"
#messages = #user.sent_messages
elsif params[:mailbox] == "inbox"
#messages = #user.received_messages
#elsif params[:mailbox] == "archieved"
# #messages = #user.archived_messages
end
end
def new
#message = Message.new
if params[:reply_to]
#reply_to = User.find_by_id(params[:reply_to])
unless #reply_to.nil?
#message.recepient_id = #reply_to.id
end
end
end
def create
#message = Message.new(params[:message])
#message.sender_id = #user.id
if #message.save
flash[:notice] = "Message has been sent"
redirect_to user_messages_path(current_user, :mailbox=>:inbox)
else
render :action => :new
end
end
def show
#message = Message.readingmessage(params[:id],#user.id)
end
def delete_multiple
if params[:delete]
params[:delete].each { |id|
#message = Message.find(id)
#message.mark_message_deleted(#message.id,#user.id) unless #message.nil?
}
flash[:notice] = "Messages deleted"
end
redirect_to user_messages_path(#user, #messages)
end
private
def set_user
#user = current_user
end
end

Since it's showing user_id => nil. Can you check if your session is not expired

How to authenticate the primary key?

i can't authenticate the Transaction_Id where this is the primary key of my transaction table, while i can do it with the email. what would seem to be the problem? help. thanks.
here's my model/transaction:
def self.authenticate(email, transaction_id)
user = Transaction.find_by_email(email)
if user && user.Transaction_Id
return user
else
return false
end
end
here's my controller/modifications:
def attempt_login
user = Transaction.authenticate(params[:email], params[:Transaction_Id])
if user
session[:user_id] = user.id
session[:email] = user.email
flash[:notice] = "You are now logged in!"
redirect_to :action => "modify"
else
flash[:notice] = "Invalid username/password combination."
redirect_to :action => "login"
end
end
and here's my view/login:
<div class="login">
<%= form_tag :action => "attempt_login" do %>
<%= label_tag :email, "Email Address:" %>
<%= text_field_tag :email %>
<%= label_tag :Transaction_Id, "Transaction Id:" %>
<%= text_field_tag :Transaction_Id %>
<%= submit_tag "Log In"%>
<% end %>
</div>

You check only if there is a transaction_id present in your found user object, but you do not compare this id to the given id, so try:
def self.authenticate(email, transaction_id)
user = Transaction.find_by_email(email)
if user && user.Transaction_Id == transaction_id
return user
else
return false
end
end
or (don't know if it works)
def self.authenticate(email, transaction_id)
user = Transaction.find_by_email_and_transaction_id(email, transaction_id)
if user
return user
else
return false
end
end
in short:
# will return user if found; else nil
def self.authenticate(email, transaction_id)
Transaction.find_by_email_and_transaction_id(email, transaction_id)
end