User created custom URL with Rails 4 - ruby-on-rails

On our website, I'd like users to be able to create their own vanity/custom URL for marketing purposes (i.e. www.website.com/cakeparty2015 actually goes to www.website.com/cake/party-supplies/2015-inventory).
This is NOT a custom user created page - it's an already existing page that it will route to. The only new information is the custom URL.
I don't really know if this is possible, but does anyone know of a way using Rails to have it so a user can log in and create their own vanity URL, say where it links, and then have that automatically re-route?
To be a little clearer - hopefully
I'd like a user to fill out a form containing:
Vanity URL -
Actual URL -
and when they submit this form, the newly created vanity URL links to the actual URL. I'd like to do this without having to put every single custom URL in my route file.
Perhaps I am looking at this wrong. I'm currently trying to figure out a way to do this with URL shortening possibly?

You probably want to use https://github.com/norman/friendly_id.
You will then have a slug field in the model and you can let your users change it.

Related

CakePHP2.1 remove id in url

I am using cakephp 2.1 and I have written some actions like view, edit and delete.
In url it looks like 'view/1', 'edit/1', 'delete/1', So that I can change the ids in url.
I don't want to change it in url and it should not allow to edit the ids. Please help me to do that. The work will be more appreciable.
OK... I think I understand your question. You are concerned that if people can edit the ID's, as they are visible in the URL's, then it will be a security threat?
First, view actions:
You should check on the server-side if the user has permission to view the record with that particular ID. If they don't, then you can give an error. If they do, then let them view it - don't worry about how they got there, whether they edited the ID in the URL or not. If they have permission to view the record, just let them view it.
Second, delete actions:
Again, just like view actions, you should check on the server-side to see if a user has permission to delete the record. If they do, then let them delete it! Don't worry if they edited the ID in the URL. If the user doesn't have permission to delete the record, then your server-side check will stop them, even if they've edited the ID in the URL.
Third, edit actions:
This is slightly more complicated, but still pretty easy. I'll assume you're editing a record with an HTML form, and submitting via POST. OK, so the ID in the URL determines which record to fetch and edit. As with view and delete, you should do a server-side check to make sure the user has permission to edit that item. If they do have permission, then return the form.
Once the form has loaded, the URL showing in the browser is of no importance. The URL which the form submits to, and the data that the form submits, is important. Now, by default, the edit form will store the ID in a hidden input field. A user could change that ID, and thereby change the record they are editing.
To prevent this, use CakePHP's security component. All you need to do is include the component, and CakePHP will automatically put a hash on the form when it's loaded, which it will check again when the form is submitted. If a user has edited hidden input fields, this check will fail, and CakePHP won't allow the edit to go ahead.
Note that to use the security componenent in this way, you must build your forms using CakePHP's form helper (which you probably already are).
And a final note... sometimes people are a bit paranoid about anyone seeing the ID's in their database - and therefore don't want them showing in URL's or anywhere else. But, in almost all cases, there's nothing 'secret' about ID's at all. It doesn't matter who sees them. All they are is a means for your application, and the database, to identify a record. So long as your application is secure, then you should be able to show all your ID's to the whole world, and have nothing to worry about.

Lazy registration with RESTful routing in Rails

I'm stuck figuring out the best practice...
I want to create a "following" system in a way that a user can follow a car (getting email updates when car price changes, etc). The part of implementation that's giving me headaches is when I want to introduce lazy registration by only using email.
Everything needs to work as AJAX requests.
In the interface, there will be a button to trigger the follow action, which will check if the user is registered or not. If a user is logged in, create a new CarSubscription item, otherwise display a form where he could type his email address. Once submitted, the form should create a user with no password (if email exists, ask for the password and log in) and then it should create the relationship item.
The challenge here is to use redirection after submission of the form to the CREATE action of the CarSubscriptionController. Since I can't redirect using POST I can't simulate the CREATE or DESTROY action.
The non-RESTful solution would be to create 2 actions under cars_controller: follow and unfollow and let them do the logic of creating entries and deleting them. That would enable me to just store the request path and use it after the user enters their email and logs in.
How can I achieve what I want using RESTful resources?
After trying to describe my problem here, it seems it's way too complicated and I am indeed very stuck... There are 3 different controllers and possibly 4 requests in this scenario.
Any help would be tremendously appreciated!
Please see my flow chart below:
Not an expert here, I don't know if it's the best solution, but what I have done in similar situation is :
In your controller, respond with javascript instead of redirecting the user
In your javascript file, use $.post(...) to issue a POST to your controller action
Et voilĂ !
You can also use ActiveResource to achieve this, but I actually never tried that solution : http://api.rubyonrails.org/classes/ActiveResource/Base.html#label-Custom+REST+methods
Person.new(:name => 'Ryan').post(:register)
Hope this helps
I had a very similar need and had trouble pulling the various bits of info on how to do this with Devise and Rails together into a working example. Here's a fully working example based on Rails 4, Ruby 2, and Devise 3.0:
https://github.com/mwlang/lazy_registration_demos

Is there a clean way to preserve a parameter in a Rails controller?

We have a few self-contained pages in part of our mobile site which allow a user to sign up for a service. We have arrangements with other companies who send visitors to these pages, and they put a tracking code into the URL so we know who brought us the traffic - e.g. /mobile/landing?t=some_partner
We can't rely on the user's browser supporting cookies, so in order to preserve this information from the landing page to the sign-up event, we preserve the tracking code parameter in all the links and forms on the pages. At the moment, we have to add it to every link_to, form_tag, redirect_to and so on that we use. It's easy to add a link and forget to add the tracking code, so I'd like something more robust. Ideally I'd put at the top of the controller
preserve_parameter :t
and then every link_to, link_to, form_tag, redirect_to, etc... would automatically use the t parameter from the current request.
Is there a plugin or gem anywhere that would let me do this, or do I need to write it myself?
I don't know of any gem/plugin, but i think that you can use url_for and create helpers to do that work for you in style :
http://apidock.com/rails/ActionView/Helpers/UrlHelper/url_for

Generate different urls on each visit(A user can use the URl just once or it expires after 2 minutes etc)

Hi
I have a url which users come and fill a form on.
Now the Issue is the url for the form is suppose www.xyz.com/form1.html
once a user comes to this url either I need the user to see a different masked url out of which he cant make out anything or he cant copy paste the url and get the same content what he has on the page he's currently on.
In short I need some source code which can mask my urls to different users clicking on the original url.
The content remains same on each url but a user cant copy paste the URL and give it to someone else to have it work a second time,either a expiration session of say 2 minutes once a user comes to that url and then he cant re-use that url again or something like that which one user can use the URl just once and not more than that.
How can I achieve this.
Please help out
Use a Session ID.

Advice on model and method design for creating downloadable products with unique URLs (in Ruby on Rails 3)

I'm about to embark on a new app that will offer downloads of digital files. To keep the files secure, I never want to give out the exact URL to the end user, but instead want to mask the URL. I also want to generate unique tokens, that preferably, would be made part of the URL so each URL is unique, trackable and expireable, etc.
I guess, in a way, the theory behind URL shorteners would be applicable.
But -- what I'm not sure about is, once I've generate the token and a unique URL for the product, how do I get the rails app to route that unique URL to the actual URL of the product? I've been looking at Sendfile, but I'm not quite sure how best to go about this.
Yes, in the controller action that handles the 'secret' URL, use the send_file function, as described in the API documentation.

Resources