plan id not being assigned in Devise form. Rails - ruby-on-rails

I have a Rails app with 3 sign up button links on the home page.
Each has its own plan assigned to it. Two of them go to a basic form while the third goes to a form with credit card details, handled by Stripe. The forms and Users are handled by Devise.
The plans seem to be set up correctly and are seen in the rails console; however, when I go to sign up to any of them, only the email address and password are captured, and NO plan_id is assigned.
I've noticed when previewing the form pages locally that the URL at the top doesn't change to the specific form URL, i.e. /users/sign_up?plan=3 for example, but instead shows the form but stays on the homepage URL? I'm confused because the server seems to recognise which link I'm clicking on and which plan needs to be assigned?? Please help!!
Started GET "/users/sign_up?plan=3" for 124.149.46.152 at 2015-08-21 06:32:19 +0000
Cannot render console from 124.149.46.152! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by Users::RegistrationsController#new as HTML
Parameters: {"plan"=>"3"}
Rendered devise/registrations/_paid.html.erb (8.1ms)
Rendered devise/shared/_links.html.erb (0.3ms)
Rendered devise/registrations/new.html.erb within layouts/application (11.6ms)
Completed 200 OK in 154ms (Views: 151.7ms | ActiveRecord: 0.0ms)
console User.last
=> #<User id: 7, email: "testemail1@test.com", encrypted_password: "$2a$10$.EldkZ3KUdnz4u1dvIMkXO7U6GnAnrGNYomdITKqup....", reset_password_token: nil, reset_password_sent_at: nil, remember_created_at: nil, sign_in_count: 1, current_sign_in_at: "2015-08-21 07:05:34", last_sign_in_at: "2015-08-21 07:05:34", current_sign_in_ip: "124.149.46.152", last_sign_in_ip: "124.149.46.152", created_at: "2015-08-21 07:05:34", updated_at: "2015-08-21 07:05:34", plan_id: nil, stripe_customer_token: nil>
and this is my application_controller.rb
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
  before_filter :configure_permitted_parameters, if: :devise_controller?
  protected
  # Attributes Devise accepts from the sign-up form.
  def configure_permitted_parameters
    devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:name, :stripe_card_token, :email, :password, :password_confirmation) }
  end
end
development log
Started POST "/users" for 124.149.46.152 at 2015-08-21 07:31:57 +0000
Cannot render console from 124.149.46.152! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by Users::RegistrationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"mA18/inejU2zEZiYXJq1xEtguLOEWnIV9UBozrHyXKPp2/2n9Ls7Km4+fCuZBL51EHUxSE+QJFRdbgW1fbMyew==", "user"=>{"email"=>"test10@gmail.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Sign up"}
(0.4ms) begin transaction
User Exists (0.2ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = 'test10@gmail.com' LIMIT 1
SQL (0.6ms) INSERT INTO "users" ("email", "encrypted_password", "created_at", "updated_at") VALUES (?, ?, ?, ?) [["email", "test10@gmail.com"], ["encrypted_password", "$2a$10$4cjIpysvXyckg0j4Kxzx9eqR9vVzqcmaQZPLdCC0X2jEik2MG/KrK"], ["created_at", "2015-08-21 07:31:57.381867"], ["updated_at", "2015-08-21 07:31:57.381867"]]
(19.3ms) commit transaction
(0.2ms) begin transaction
SQL (0.5ms) UPDATE "users" SET "last_sign_in_at" = ?, "current_sign_in_at" = ?, "last_sign_in_ip" = ?, "current_sign_in_ip" = ?, "sign_in_count" = ?, "updated_at" = ? WHERE "users"."id" = ? [["last_sign_in_at", "2015-08-21 07:31:57.405089"], ["current_sign_in_at", "2015-08-21 07:31:57.405089"], ["last_sign_in_ip", "124.149.46.152"], ["current_sign_in_ip", "124.149.46.152"], ["sign_in_count", 1], ["updated_at", "2015-08-21 07:31:57.406791"], ["id", 8]]
(19.7ms) commit transaction
Redirected to https://socialplayground-portal-runpixelrun.c9.io/
Completed 302 Found in 136ms (ActiveRecord: 40.9ms)
Started GET "/" for 124.149.46.152 at 2015-08-21 07:31:57 +0000
Cannot render console from 124.149.46.152! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by PagesController#home as HTML
Plan Load (0.4ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT 1 [["id", 1]]
Plan Load (0.2ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT 1 [["id", 2]]
Plan Load (0.2ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT 1 [["id", 3]]
Rendered pages/home.html.erb within layouts/application (1.0ms)
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 8]]
Completed 200 OK in 210ms (Views: 207.3ms | ActiveRecord: 1.2ms)
User Load (0.7ms) SELECT "users".* FROM "users" ORDER BY "users"."id" DESC LIMIT 1
Started DELETE "/users/sign_out" for 124.149.46.152 at 2015-08-21 07:35:08 +0000
Cannot render console from 124.149.46.152! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by Devise::SessionsController#destroy as HTML
Parameters: {"authenticity_token"=>"p1LtsYqgP4SPYiiAh8/l1/XPNc888HMVob3thu5Y093WhGzoV8WJ41JNzDNCUe5mrtq8NPc6JVQJk4D9Ihm9BQ=="}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? ORDER BY "users"."id" ASC LIMIT 1 [["id", 8]]
(0.1ms) begin transaction
(0.1ms) commit transaction
Redirected to https://socialplayground-portal-runpixelrun.c9.io/
Completed 302 Found in 10ms (ActiveRecord: 0.4ms)
Started GET "/" for 124.149.46.152 at 2015-08-21 07:35:08 +0000
Cannot render console from 124.149.46.152! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by PagesController#home as HTML
Plan Load (0.2ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT 1 [["id", 1]]
Plan Load (0.1ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT 1 [["id", 2]]
Plan Load (0.1ms) SELECT "plans".* FROM "plans" WHERE "plans"."id" = ? LIMIT 1 [["id", 3]]
Rendered pages/home.html.erb within layouts/application (0.8ms)
Completed 200 OK in 206ms (Views: 203.3ms | ActiveRecord: 0.5ms)
/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  before_filter :select_plan, only: :new
  def create
    super do |resource|
      if params[:plan]
        resource.plan_id = params[:plan]
        if resource.plan_id == 3
          resource.save_with_payment
        else
          resource.save
        end
      end
    end
  end
  private
  def select_plan
    unless params[:plan] && (params[:plan] == '1' || params[:plan] == '2' || params[:plan] == '3')
      flash[:notice] = "Please select a valid membership plan."
      redirect_to root_url
    end
  end
end

To allow plan_id to be saved, you need to add it to the Devise sign-up parameters. You can do this by adding the following to your application controller:
before_filter :configure_permitted_parameters, if: :devise_controller?
def configure_permitted_parameters
  # :password has to stay in the list, otherwise the form's password is dropped
  devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:email, :password, :password_confirmation, :plan_id) }
end

Related

devise not updating user, redirects to '/users' without any error

Whenever I try to update the user, I get redirected to /users with the edit form filled in but no errors.
Users::RegistrationsController
class Users::RegistrationsController < Devise::RegistrationsController
  before_action :configure_account_update_params, only: [:update]
  def update
    super
  end
  def configure_account_update_params
    devise_parameter_sanitizer.permit(:account_update, keys: [:name,:property,:admin,:phone_number,:organization,:gender,:profile_pic,:birthday])
  end
  ...
end
Rails Server Logs
Started PUT "/users" for ::1 at 2020-07-22 17:55:57 +0500
Processing by Users::RegistrationsController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"iqpDtwA8U1jJ10dtaCV/eE0m96KHUa8G7tWrpOLA48AXYnUjT+6M2qwrwncjThvwQnQQycn/dNCWsbnsteJmhA==", "user"=>{"name"=>"Sohail ", "phone_number"=>"(11", "organization"=>"11", "email"=>"user@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
User Load (1.6ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["id", 8], ["LIMIT", 1]]
User Load (1.7ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 8], ["LIMIT", 1]]
User Exists (1.1ms) SELECT 1 AS one FROM "users" WHERE "users"."email" = $1 AND "users"."id" != $2 LIMIT $3 [["email", "user@test.com"], ["id", 8], ["LIMIT", 1]]
Rendering users/registrations/edit.html.erb within layouts/application
Rendered users/registrations/edit.html.erb within layouts/application (3.9ms)
StripeCustomer Load (4.6ms) SELECT "stripe_customers".* FROM "stripe_customers" WHERE "stripe_customers"."user_id" = $1 LIMIT $2 [["user_id", 8], ["LIMIT", 1]]
Rendered layouts/_header.html.erb (97.4ms)
Rendered layouts/_footer.html.erb (15.5ms)
Completed 200 OK in 681ms (Views: 310.2ms | ActiveRecord: 9.0ms)
It seems you have messed a little with your parameters. You sent nested parameters on your form like this:
"user"=>{"name"=>"Sohail ", "phone_number"=>"(11", "organization"=>"11", "email"=>"user@test.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "current_password"=>"[FILTERED]"}, "commit"=>"Update"}
However, your permitted parameters assume you are nesting everything on a :account_update key.
So you could either change the key sent on your form, or use this sanitizer:
def configure_account_update_params
  devise_parameter_sanitizer.permit(:account_update, keys: [:name,:property,:admin,:phone_number,:organization,:gender,:profile_pic,:birthday])
end
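Added example (not code from either thread or from Devise): the sanitizer lists in the two threads above put a privilege-bearing attribute (:plan_id at sign-up, :admin in account_update) among the fields any user can submit. This plain-Ruby sketch flags such keys in a permit list and resolves the plan on the server; PRIVILEGED_KEYS, PLANS, privileged_in, filter_params and resolve_plan are hypothetical names, and the rule that plan 3 needs a card token is assumed from the first thread's save_with_payment branch.

```ruby
# Added example: plain Ruby, no Rails or Devise needed. All names below are
# hypothetical; attribute names are taken from the threads above.

# Attributes that grant privilege or decide billing (assumed classification).
# A user must not be able to set these by adding a field to their own form.
PRIVILEGED_KEYS = %i[admin role plan_id stripe_customer_token].freeze

# Plans 1-3 as in the first thread; plan 3 is the one saved with payment.
PLANS = { 1 => { paid: false }, 2 => { paid: false }, 3 => { paid: true } }.freeze

# Returns the privileged attributes present in a permit list, so a code review
# or a unit test can flag them.
def privileged_in(permit_list)
  permit_list.map(&:to_sym) & PRIVILEGED_KEYS
end

# Stand-in for strong parameters: keeps allowed keys and reports the rest,
# like the "Unpermitted parameters" line in a Rails log.
def filter_params(raw, allowed)
  allowed = allowed.map(&:to_s)
  kept, dropped = raw.partition { |key, _value| allowed.include?(key.to_s) }
  [kept.to_h, dropped.map(&:first)]
end

# Resolves the plan server-side. The raw value is client input (?plan=3 or a
# hidden field), so it is parsed strictly, checked against the known plans,
# and a paid plan is refused when no card token came with it.
def resolve_plan(raw_plan, card_token)
  id = begin
    Integer(raw_plan.to_s, 10)
  rescue ArgumentError
    nil
  end
  plan = PLANS[id]
  return { ok: false, error: "unknown plan" } if plan.nil?
  if plan[:paid] && card_token.to_s.empty?
    return { ok: false, error: "paid plan requires payment" }
  end
  { ok: true, plan_id: id, charge: plan[:paid] }
end

if __FILE__ == $PROGRAM_NAME
  # The account_update list from the second thread.
  update_keys = %i[name property admin phone_number organization gender profile_pic birthday]
  puts "privileged keys in account_update: #{privileged_in(update_keys).inspect}"

  # Constructed request: a profile form with an extra admin field added.
  safe_keys = update_keys - PRIVILEGED_KEYS
  kept, dropped = filter_params({ "name" => "Sohail ", "admin" => "true" }, safe_keys)
  puts "kept=#{kept.inspect} dropped=#{dropped.inspect}"

  # Constructed request: paid plan selected through the free form (no token).
  puts resolve_plan("3", nil).inspect
end
```

In a Rails app the same split means privileged columns are set only in code paths that have already checked the caller's role or the payment result, not through the self-service permit list.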

Ruby OAuth2 timeout error getting Token

I posted this on the issues page for the doorkeeper gem, but looking at it, I wonder if I should post here. Any help would be amazing as I am completely stuck.
I have been following the wiki on doorkeeper and doing the "Testing your provider with OAuth2 gem" (https://github.com/doorkeeper-gem/doorkeeper/wiki/Testing-your-provider-with-OAuth2-gem)
I am running rails 5.1.4, ruby 2.4.1, doorkeeper gem 4.2.6 and oauth2 v1.4.0
I am having issues trying to do what is done in the testing wiki in code, which is to get an auth token.
My sessions controller:
def new
  session[:state] = 'some state sent from amazon'
  session[:client_id] = 'some client id'
  session[:client_secret] = 'some client secret'
  session[:redirect_uri] = "#{request.base_url}/oauth/callback"
end
def create
  user = User.find_by(email: params[:session][:email].downcase)
  if user && user.authenticate(params[:session][:password])
    if user.activated?
      log_in user
      redirect_to client.auth_code.authorize_url(:redirect_uri => session[:redirect_uri])
    end
  end
end
# route for /oauth/callback comes here
def callback
  token = client.auth_code.get_token(params[:code], :redirect_uri => session[:redirect_uri])
  # testing print to screen
  render json: token
end
private
def client
  OAuth2::Client.new(session[:client_id], session[:client_secret], :site => request.base_url)
end
So as a user I log in, I authorise the app, and then it times out and I get the following log for the whole flow:
Started GET "/login?client_id=<client_id>&response_type=code&state=<amazon state>&redirect_uri=https%3A%2F%2Fpitangui.amazon.com%2Fapi%2Fskill%2Flink%2FM2X1TLJOHDU07S" for 5.175.83.20 at 2017-10-23 13:36:35 +0100
Processing by SessionsController#new as HTML
Parameters: {"client_id"=>"<client_id>", "response_type"=>"code", "state"=>"<amazon state>", "redirect_uri"=>"https://pitangui.amazon.com/api/skill/link/M2X1TLJOHDU07S"}
Rendering sessions/new.html.erb within layouts/application
Rendered sessions/new.html.erb within layouts/application (1.5ms)
Rendered layouts/_shim.html.erb (0.5ms)
User Load (0.3ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Rendered layouts/_header.html.erb (36.3ms)
Completed 200 OK in 121ms (Views: 107.5ms | ActiveRecord: 4.0ms)
Started POST "/login" for 5.175.83.20 at 2017-10-23 13:40:35 +0100
Processing by SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"aR03Eo+jxzN+oDPrnOevHn6moTCSePoLAi2Ncc7pKbtxVQa6lLu+IzdEsfzrexpJVm6MdOugIQICyN2ZNS7hgw==", "session"=>{"email"=>"me@daviesp.co.uk", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log In"}
User Load (0.6ms) SELECT "users".* FROM "users" WHERE "users"."email" = $1 LIMIT $2 [["email", "me@daviesp.co.uk"], ["LIMIT", 1]]
Redirected to https://3751d64e.ngrok.io/oauth/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code
Completed 302 Found in 67ms (ActiveRecord: 0.6ms)
Started GET "/oauth/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code" for 5.175.83.20 at 2017-10-23 13:40:36 +0100
Processing by Doorkeeper::AuthorizationsController#new as HTML
Parameters: {"client_id"=>"<client_id>", "redirect_uri"=>"https://3751d64e.ngrok.io/oauth/callback", "response_type"=>"code"}
User Load (0.4ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Doorkeeper::Application Load (0.4ms) SELECT "oauth_applications".* FROM "oauth_applications" WHERE "oauth_applications"."uid" = $1 LIMIT $2 [["uid", "6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48"], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
Doorkeeper::AccessToken Load (0.5ms) SELECT "oauth_access_tokens".* FROM "oauth_access_tokens" WHERE "oauth_access_tokens"."application_id" = $1 AND "oauth_access_tokens"."resource_owner_id" = $2 AND "oauth_access_tokens"."revoked_at" IS NULL ORDER BY created_at desc LIMIT $3 [["application_id", 11], ["resource_owner_id", 1], ["LIMIT", 1]]
CACHE User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT $2 [["id", 1], ["LIMIT", 1]]
(0.2ms) BEGIN
Doorkeeper::AccessGrant Exists (0.6ms) SELECT 1 AS one FROM "oauth_access_grants" WHERE "oauth_access_grants"."token" = $1 LIMIT $2 [["token", "a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4"], ["LIMIT", 1]]
SQL (0.5ms) INSERT INTO "oauth_access_grants" ("resource_owner_id", "application_id", "token", "expires_in", "redirect_uri", "created_at", "scopes") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["resource_owner_id", 1], ["application_id", 11], ["token", "a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4"], ["expires_in", 600], ["redirect_uri", "https://3751d64e.ngrok.io/oauth/callback"], ["created_at", "2017-10-23 12:40:36.235539"], ["scopes", ""]]
(1.5ms) COMMIT
Redirected to https://3751d64e.ngrok.io/oauth/callback?code=a6bd0459570f1e0116ca6b2cade1e60ae83ba439d3c70b750046cfffe3cc85e4
Completed 302 Found in 14ms (ActiveRecord: 4.2ms)
Started GET "/oauth/callback?code=[FILTERED]" for 5.175.83.20 at 2017-10-23 13:40:36 +0100
Processing by SessionsController#oauth_call as HTML
Parameters: {"code"=>"[FILTERED]"}
Started POST "/oauth/token" for 5.175.83.20 at 2017-10-23 13:40:37 +0100
Completed 500 Internal Server Error in 60406ms (ActiveRecord: 0.0ms)
Faraday::TimeoutError (Net::ReadTimeout)
Can't for the life of me figure out why it works in irb but not in code. Here is what I do in irb:
irb(main):001:0> require 'oauth2'
=> true
irb(main):002:0>
irb(main):003:0* client_id = '6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48'
=> "6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48"
irb(main):004:0> client_secret = '937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086'
=> "937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086"
irb(main):005:0> redirect_uri = 'https://3751d64e.ngrok.io/oauth/callback'
=> "https://3751d64e.ngrok.io/oauth/callback"
irb(main):006:0> site = 'https://3751d64e.ngrok.io'
=> "https://3751d64e.ngrok.io"
irb(main):007:0> state = 'some state'
=> "some state"
irb(main):008:0> client = OAuth2::Client.new(client_id, client_secret, :site => site)
=> #<OAuth2::Client:0x007fa61414c4b0 @id="6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48", @secret="937088f4b7579b8922ad02518477da7be699958df1b1e8a85da34f2e8b4ce086", @site="https://3751d64e.ngrok.io", @options={:authorize_url=>"/oauth/authorize", :token_url=>"/oauth/token", :token_method=>:post, :auth_scheme=>:request_body, :connection_opts=>{}, :connection_build=>nil, :max_redirects=>5, :raise_errors=>true}>
irb(main):009:0> client.auth_code.authorize_url(:redirect_uri => redirect_uri)
=> "https://3751d64e.ngrok.io/oauth/authorize?client_id=6067fbe8f36b4343aa297ce76348e868f9ea04b04841adb411d0885c491c1d48&redirect_uri=https%3A%2F%2F3751d64e.ngrok.io%2Foauth%2Fcallback&response_type=code"
Even if I put that URI into the browser, it returns the access token:
{"token_type":"bearer","created_at":1508763209,"access_token":"38282cae5191923f1f358aece869e237d4d9742cdd7c918ae63104c57807a826","refresh_token":null,"expires_at":1508770409}
Again any help would be amazing!
So I found that in my dev environment, if I stopped using puma and rails server and started using POW, the issue went away. I checked if puma was running as single thread but it was running 5 threads, so not sure why this was happening.

manage users by an admin in ruby on rails

How can I manage and edit other users' profiles as an admin, since I have one model and controller (users)?
I tried to add a new action called updateusers
def updateusers
  @other_user = User.find(params[:id])
  if @other_user.update_attributes(otherusers_params)
    redirect_to '/'
  else
    redirect_to '/manage'
  end
end
The problem here: it is updating my admin user with the other_user's data
stack trace
Started GET "/manage" for ::1 at 2016-03-19 21:06:08 +0300
Processing by UsersController#manage as HTML
User Load (1.0ms) SELECT "users".* FROM "users"
Rendered users/manage.html.erb within layouts/application (5.0ms)
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 53ms (Views: 51.0ms | ActiveRecord: 1.0ms)
Started GET "/users/10" for ::1 at 2016-03-19 21:06:10 +0300
Processing by UsersController#show as HTML
Parameters: {"id"=>"10"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]]
Rendered users/show.html.erb within layouts/application (0.0ms)
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 37ms (Views: 36.0ms | ActiveRecord: 0.0ms)
Started GET "/editusers/10" for ::1 at 2016-03-19 21:06:11 +0300
Processing by UsersController#editusers as HTML
Parameters: {"id"=>"10"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]]
Rendered users/editusers.html.erb within layouts/application (4.0ms)
User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 41ms (Views: 39.0ms | ActiveRecord: 1.0ms)
Started PATCH "/users/10" for ::1 at 2016-03-19 21:06:15 +0300
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"6M1TGLQUEhiezCCg9/rT5IofdroMiQ0sm+bYcihgGDxTjDdFGU2Riou2pcRk5ncjCtFDGwfBj17Uq7gc0u329w==", "user"=>{"first_name"=>"g", "last_name"=>"g", "email"=>"g@g.g", "role"=>"editor", "image"=>"pic.png", "admins"=>""}, "other"=>"update", "id"=>"10"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Unpermitted parameters: role, admins
(0.0ms) begin transaction
SQL (1.0ms) UPDATE "users" SET "first_name" = ?, "last_name" = ?, "email" = ?, "updated_at" = ? WHERE "users"."id" = ? [["first_name", "g"], ["last_name", "g"], ["email", "g@g.g"], ["updated_at", "2016-03-19 18:06:15.488284"], ["id", 1]]
(47.0ms) commit transaction
Redirected to localhost:8080/profile
Completed 302 Found in 54ms (ActiveRecord: 48.0ms)
If it's updating the wrong user, it means that params[:id] is the id of the user being updated. Are you passing the id of the user you want to update in the params? Try calling puts params.inspect at the top of the controller action to see what data is being passed. You need to look up @other_user with their id and you need to make sure that @other_user's id is being passed with the other form data.
After 10 days, yes, I did it. The solution is in the name of the submit: I named the two submits with different names, <%= f.submit "update", name:"other" %>
Then I used the update action like this:
def update
  if params[:current]
    @user = current_user
    if @user.update_attributes(user_params)
      redirect_to '/profile'
    else
      redirect_to '/edit'
    end
  elsif params[:other]
    @other_user = User.find(params[:id])
    if @other_user.update_attributes(otherusers_params)
      redirect_to '/'
    else
      redirect_to '/manage'
    end
  end
end

how to manage users by an admin in ruby on rails

How can I manage and edit other users' profiles as an admin, since I have one model and controller (users)?
I tried to add a new action called updateusers
def updateusers
  @other_user = User.find(params[:id])
  if @other_user.update_attributes(otherusers_params)
    redirect_to '/'
  else
    redirect_to '/manage'
  end
end
The problem here: it is updating my admin user with the other_user's data
stack trace
Started GET "/manage" for ::1 at 2016-03-19 21:06:08 +0300
Processing by UsersController#manage as HTML
User Load (1.0ms) SELECT "users".* FROM "users"
Rendered users/manage.html.erb within layouts/application (5.0ms)
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 53ms (Views: 51.0ms | ActiveRecord: 1.0ms)
Started GET "/users/10" for ::1 at 2016-03-19 21:06:10 +0300
Processing by UsersController#show as HTML
Parameters: {"id"=>"10"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]]
Rendered users/show.html.erb within layouts/application (0.0ms)
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 37ms (Views: 36.0ms | ActiveRecord: 0.0ms)
Started GET "/editusers/10" for ::1 at 2016-03-19 21:06:11 +0300
Processing by UsersController#editusers as HTML
Parameters: {"id"=>"10"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 10]]
Rendered users/editusers.html.erb within layouts/application (4.0ms)
User Load (1.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Completed 200 OK in 41ms (Views: 39.0ms | ActiveRecord: 1.0ms)
Started PATCH "/users/10" for ::1 at 2016-03-19 21:06:15 +0300
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"6M1TGLQUEhiezCCg9/rT5IofdroMiQ0sm+bYcihgGDxTjDdFGU2Riou2pcRk5ncjCtFDGwfBj17Uq7gc0u329w==", "user"=>{"first_name"=>"g", "last_name"=>"g", "email"=>"g@g.g", "role"=>"editor", "image"=>"pic.png", "admins"=>""}, "other"=>"update", "id"=>"10"}
User Load (0.0ms) SELECT "users".* FROM "users" WHERE "users"."id" = ? LIMIT 1 [["id", 1]]
Unpermitted parameters: role, admins
(0.0ms) begin transaction
SQL (1.0ms) UPDATE "users" SET "first_name" = ?, "last_name" = ?, "email" = ?, "updated_at" = ? WHERE "users"."id" = ? [["first_name", "g"], ["last_name", "g"], ["email", "g@g.g"], ["updated_at", "2016-03-19 18:06:15.488284"], ["id", 1]]
(47.0ms) commit transaction
Redirected to localhost:8080/profile
Completed 302 Found in 54ms (ActiveRecord: 48.0ms)
The user ID of the form in "editusers" is set to your admin (or logged in user). It's hard to say without seeing the code but I think you've set up the editusers form incorrectly. Perhaps using a hidden field to hold the ID of the user you want to update.
Try to avoid that and set up the @user object in the 'editusers' action: @user = User.find(10)
Then in your view use a form_for @user do |f| without any hidden fields for the ID.
After 10 days, yes, I did it. The solution is in the name of the submit: I named the two submits with different names, <%= f.submit "update", name:"other" %>, then I used the update action like this:
def update
  if params[:current]
    @user = current_user
    if @user.update_attributes(user_params)
      redirect_to '/profile'
    else
      redirect_to '/edit'
    end
  elsif params[:other]
    @other_user = User.find(params[:id])
    if @other_user.update_attributes(otherusers_params)
      redirect_to '/'
    else
      redirect_to '/manage'
    end
  end
end
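Added example (not the poster's code): the update action above picks its branch from params[:other], the name of the submit button, which is a value the browser supplies. This plain-Ruby sketch instead takes the target from the route id and authorizes against the signed-in user's stored role; the User struct, update_user, NotAuthorized, sample_users and the editable-field policy are hypothetical.

```ruby
# Added example: plain Ruby model of an update action. Names and the field
# policy are hypothetical; the users and requests below are constructed.
User = Struct.new(:id, :role, :first_name, :last_name, :email)

class NotAuthorized < StandardError; end

# Fields a user may change on their own record, and the extra ones an admin
# may change on any record (assumed policy).
SELF_EDITABLE  = %w[first_name last_name email].freeze
ADMIN_EDITABLE = (SELF_EDITABLE + %w[role]).freeze

# current_user comes from the session, never from the request body.
# params mirrors the Rails hash: "id" from the route, "user" from the form.
def update_user(current_user, users, params)
  # No id in the route means "my own profile".
  target_id = Integer(params.fetch("id", current_user.id).to_s, 10)
  target = users.fetch(target_id) # raises KeyError for an unknown id

  # The decision uses the stored role and the two ids, not a button name.
  admin = current_user.role == "admin"
  unless admin || target.id == current_user.id
    raise NotAuthorized, "user #{current_user.id} may not edit user #{target.id}"
  end

  allowed = admin ? ADMIN_EDITABLE : SELF_EDITABLE
  dropped = []
  params.fetch("user", {}).each do |field, value|
    if allowed.include?(field)
      target[field] = value
    else
      dropped << field # comparable to "Unpermitted parameters" in the log
    end
  end
  { updated_id: target.id, dropped: dropped }
end

# Constructed records matching the ids seen in the log (admin 1, editor 10).
def sample_users
  {
    1  => User.new(1, "admin", "Ada", "Admin", "admin@example.test"),
    10 => User.new(10, "editor", "g", "g", "g@example.test")
  }
end

if __FILE__ == $PROGRAM_NAME
  users = sample_users
  # Admin submits the editusers form for user 10: record 10 is changed.
  form = { "id" => "10", "other" => "update",
           "user" => { "first_name" => "gg", "role" => "editor", "admins" => "" } }
  puts update_user(users[1], users, form).inspect

  # Editor sends the same button name with the admin's id: refused.
  begin
    update_user(users[10], users, { "id" => "1", "other" => "update",
                                    "user" => { "email" => "x@example.test" } })
  rescue NotAuthorized => e
    puts "refused: #{e.message}"
  end
end
```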

Devise Invitable throws 401 UnAuthorized error after invitation is accepted

I am using Rails 4.1.14, Ruby 2.1.6, Devise 3.2.4 and Devise_invitable 1.3.6.
The issue I am having is once a new user I invited presses the accept invitation link in the email they received, it gets stuck in a redirect loop. I can't figure out why.
These are the server logs for the entire operation (note that the bulk of the first part of the log corresponds to the logic I omit below - but I left it in case it tells something interesting) :
Started GET "/users/invitation/accept?invitation_token=qANzitr64dxzxG9dSsMU" for 127.0.0.1 at 2015-12-12 04:51:29 -0500
Processing by Users::InvitationsController#edit as HTML
Parameters: {"invitation_token"=>"qANzitr6"}
User Load (4.0ms) SELECT "users".* FROM "users" WHERE "users"."invitation_token" = 'qANzitr6' ORDER BY "users"."id" ASC LIMIT 1
User Load (1.9ms) SELECT "users".* FROM "users" WHERE "users"."id" = $1 LIMIT 1 [["id", 1]]
Member Load (3.8ms) SELECT "members".* FROM "members" WHERE "members"."email" = 'def@test.com' LIMIT 1
Membership Load (88.3ms) SELECT "memberships".* FROM "memberships" WHERE "memberships"."member_id" = 115 LIMIT 1
Connection Load (14.8ms) SELECT "connections".* FROM "connections" WHERE "connections"."membership_id" = 173 ORDER BY "connections"."id" ASC LIMIT 1
(2.3ms) BEGIN
SQL (3.4ms) UPDATE "memberships" SET "invited_id" = $1, "member_id" = $2, "relative_type" = $3, "updated_at" = $4 WHERE "memberships"."id" = 173 [["invited_id", 83], ["member_id", nil], ["relative_type", 1], ["updated_at", "2015-12-12 09:51:30.038439"]]
(1.8ms) COMMIT
Membership Load (2.3ms) SELECT "memberships".* FROM "memberships" WHERE "memberships"."user_id" = $1 AND "memberships"."invited_id" = 83 ORDER BY "memberships"."id" ASC LIMIT 1 [["user_id", 1]]
FamilyTree Load (1.7ms) SELECT "family_trees".* FROM "family_trees" WHERE "family_trees"."user_id" = $1 LIMIT 1 [["user_id", 83]]
Membership Load (3.7ms) SELECT "memberships".* FROM "memberships" WHERE "memberships"."user_id" = 83 AND "memberships"."invited_id" = 1 AND "memberships"."family_tree_id" = 85 AND "memberships"."relation" = 'wife' AND "memberships"."relative_type" = 1 LIMIT 1
(33.0ms) BEGIN
SQL (37.9ms) INSERT INTO "memberships" ("created_at", "family_tree_id", "invited_id", "relation", "relative_type", "updated_at", "user_id") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["created_at", "2015-12-12 09:51:30.105734"], ["family_tree_id", 85], ["invited_id", 1], ["relation", "wife"], ["relative_type", 1], ["updated_at", "2015-12-12 09:51:30.105734"], ["user_id", 83]]
Connection Exists (11.7ms) SELECT 1 AS one FROM "connections" INNER JOIN "memberships" ON "memberships"."id" = "connections"."membership_id" WHERE (memberships.invited_id = 83) LIMIT 1
(2.1ms) COMMIT
(1.6ms) BEGIN
SQL (3.7ms) UPDATE "connections" SET "invited_membership_id" = $1, "invited_user_id" = $2, "request_status" = $3, "responded_at" = $4, "updated_at" = $5 WHERE "connections"."id" = 127 [["invited_membership_id", 174], ["invited_user_id", 83], ["request_status", 1], ["responded_at", "2015-12-12 09:51:30.167563"], ["updated_at", "2015-12-12 09:51:30.172215"]]
(1.9ms) COMMIT
SQL (2.3ms) DELETE FROM "members" WHERE "members"."id" = 115
Rendered shared/_footer.html.erb (4.5ms)
Rendered users/invitations/edit.html.erb within layouts/devise (48.6ms)
Completed 200 OK in 1689ms (Views: 1405.9ms | ActiveRecord: 222.2ms)
Started PUT "/users/invitation" for 127.0.0.1 at 2015-12-12 04:51:53 -0500
Processing by UsersController#update as HTML
Parameters: {"utf8"=>"✓", "user"=>{"invitation_token"=>"qANzitr6", "gender"=>"female", "invitation_relation"=>"wife", "full_name"=>"My Wife", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Register", "id"=>"invitation"}
Completed 401 Unauthorized in 8ms (ActiveRecord: 0.0ms)
Started GET "/users/login" for 127.0.0.1 at 2015-12-12 04:51:53 -0500
Processing by UsersController#show as HTML
Parameters: {"id"=>"login"}
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
Started GET "/users/login" for 127.0.0.1 at 2015-12-12 04:51:53 -0500
Processing by UsersController#show as HTML
Parameters: {"id"=>"login"}
Completed 401 Unauthorized in 1ms (ActiveRecord: 0.0ms)
This is my Users::InvitationsController#Edit
def edit
  # Some logic that I know works and is irrelevant to this question.
  # below is lifted directly from the `edit` action within the gem itself.
  set_minimum_password_length if respond_to? :set_minimum_password_length
  resource.invitation_token = params[:invitation_token]
  render :edit
end
Then I specified an accept_resource method like the docs suggested I do if I want anything special to happen after or before the invitation is sent.
def accept_resource
  resource = resource_class.accept_invitation!(update_resource_params)
  resource.confirm!
  resource
end
I assumed that part of the reason this must be happening is that I am stuck in a loop where the user's account wasn't confirmed after they accepted....hence that override.
Here is my User.rb:
class User < ActiveRecord::Base
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :invitable, :confirmable
end
What could be causing this?
