Todos Controller
class TodosController < ApplicationController
# GET /todos
# GET /todos.json
def index
#todos = Todo.all
#projects = Project.new
respond_to do |format|
format.html # index.html.erb
format.json { render :json => #todos }
end
end
# GET /todos/1
# GET /todos/1.json
def show
#todo = Todo.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render :json => #todo }
end
end
# GET /todos/new
# GET /todos/new.json
def new
#todo = Todo.new
respond_to do |format|
format.html # new.html.erb
format.json { render :json => #todo }
end
end
# GET /todos/1/edit
def edit
#todo = Todo.find(params[:id])
end
# POST /todos
# POST /todos.json
def create
#todo = Todo.new(params[:todo])
respond_to do |format|
if #todo.save
format.html { redirect_to(#todo, :notice => 'Todo was successfully created.') }
format.json { render :json => #todo, :status => :created, :location => #todo }
else
format.html { render :action => "new" }
format.json { render :json => #todo.errors, :status => :unprocessable_entity }
end
end
end
# PUT /todos/1
# PUT /todos/1.json
def update
#todo = Todo.find(params[:id])
respond_to do |format|
if #todo.update_attributes(params[:todo])
format.html { redirect_to(#todo, :notice => 'Todo was successfully updated.') }
format.json { render :json => {} }
else
format.html { render :action => "edit" }
format.json { render :json => #todo.errors, :status => :unprocessable_entity }
end
end
end
# DELETE /todos/1
# DELETE /todos/1.json
def destroy
#todo = Todo.find(params[:id])
#todo.destroy
respond_to do |format|
format.html { redirect_to(todos_url) }
format.json { render :json => {} }
end
end
def newproject
#projects = Project.all
end
end
Todos_form.html.erb
<%= form_for(#todo) do |f| %>
<% if #todo.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#todo.errors.count, "error") %> prohibited this todo from being saved:</h2>
<ul>
<% #todo.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :content %><br />
<%= f.text_field :content %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
projects_form.html.erb
<%= form_for(#project) do |f| %>
<% if #project.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#project.errors.count, "error") %> prohibited this project from being saved:</h2>
<ul>
<% #project.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :name %><br />
<%= f.text_area :name %>
</div>
<div class="field">
<%= f.label :project_id %><br />
<%= f.number_field :project_id %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
project.rb
class Project < ActiveRecord::Base
attr_accessible :name, :project_id
has_many :todos
def as_json(options = {})
super(options.merge(:only => [ :id, :name, :project_id]))
end
end
todo.rb
class Todo < ActiveRecord::Base
attr_accessible :content, :order, :done
belongs_to :project
def as_json(options = {})
super(options.merge(:only => [ :id, :content, :order, :done ]))
end
end
Hi I have two models Todos and Projects, in Todos index i want to show projects field values. How it is possible help me how to proceed it.
And i need Associations also.
Note: The field values must be comes from project controller and save it Database.
First project model should not have project_id column. project_id should be present in the todo model.
Then change your routes.
resources :projects do
resources :todos
end
Now add the code to project controller.
class ProjectsController < ApplicationController
def index
#projects = Project.all
end
def show
#project = Project.find(params[:id])
#todos = #project.todos.all
end
def new
#project = Project.mew
end
def create
#project = Project.new(params[:project])
if #project.save
.....
else
....
end
end
end
Individual project contains its own todos. So that in project show page you can display all the todos associated with the project.
Now the todo controller should be look like:
class TodosController < ApplicationController
def new
#project = Project.find(params[:project_id])
#todo = #project.todos.new
end
def create
#project = Project.find(params[:project_id])
#todo = #project.todos.build(params[:todo])
if #todo.save
.....
else
....
end
end
def show
#project = Project.find(params[:project_id])
#todo = #project.todos.find(params[:id])
end
end
Finally in app/views/projects/new.html.erb file add the following code:
<%= form_for #project do |f| %>
<% if #project.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#project.errors.count, "error") %> prohibited this project from being saved:</h2>
<ul>
<% #project.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :name %><br />
<%= f.text_area :name %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
And in app/views/todos/new.html.erb add the code:
<%= form_for #todo, url: project_todos_path(#project), method: :post do |f| %>
<% if #todo.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#todo.errors.count, "error") %> prohibited this todo from being saved:</h2>
<ul>
<% #todo.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :content %><br />
<%= f.text_field :content %>
</div>
<div class="actions">
<%= f.submit %>
</div>
Related
I am new in rails and I'm trying to make a form to associate roles with users, I have two collection_select in the form but when I want to create or update I get this error:
my controller code is :
class UserRolesController < ApplicationController
before_action :set_user_role, only: [:show, :edit, :update, :destroy]
##roles =RolesController.new
##users =UsersController.new
# GET /user_roles
# GET /user_roles.json
def index
#user_roles = UserRole.all
end
# GET /user_roles/1
# GET /user_roles/1.json
def show
end
# GET /user_roles/new
def new
#user_role = UserRole.new
#users =##users.get_all_users
#roles =##roles.get_all_roles
end
# GET /user_roles/1/edit
def edit
#users =##users.get_all_users
#roles =##roles.get_all_roles
#user_roles =UserRole.find(params[:id])
#selected_role=#user_roles.role_id
#selected_user=#user_roles.user_id
end
# POST /user_roles
# POST /user_roles.json
def create
#user_role = UserRole.new(user_role_params)
respond_to do |format|
if #user_role.save
format.html { redirect_to #user_role, notice: 'User role was successfully created.' }
format.json { render :show, status: :created, location: #user_role }
else
format.html { render :new }
format.json { render json: #user_role.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /user_roles/1
# PATCH/PUT /user_roles/1.json
def update
respond_to do |format|
if #user_role.update(user_role_params)
format.html { redirect_to #user_role, notice: 'User role was successfully updated.' }
format.json { render :show, status: :ok, location: #user_role }
else
format.html { render :edit }
format.json { render json: #user_role.errors, status: :unprocessable_entity }
end
end
end
# DELETE /user_roles/1
# DELETE /user_roles/1.json
def destroy
#user_role.destroy
respond_to do |format|
format.html { redirect_to user_roles_url, notice: 'User role was successfully destroyed.' }
format.json { head :no_content }
end
end
def get_user_role_by_userid(user_id)
return UserRole.where(user_id:user_id).first
end
private
# Use callbacks to share common setup or constraints between actions.
def set_user_role
#user_role = UserRole.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_role_params
params.require(:user_role).permit(:role_id,:user_id)
end
end
My form code is :
<%= form_for(user_role) do |f| %>
<% if user_role.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(user_role.errors.count, "error") %> prohibited this user_role from being saved:</h2>
<ul>
<% user_role.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :user %>
<%= collection_select(:user_id, :user_id,#users, :id, :name,{:selected => #selected_user}) %>
</div>
<div class="field">
<%= f.label :rol %>
<%= collection_select(:role_id, :role_id,#roles, :id, :role {:selected => #selected_role}) %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
What i am doing wrong? , how i have to set the user_role_params in this case?
I am using ruby 2.3.1 and Rails : 5.0.1
Thanks for your suggestions.
You need to put an f before collection set like this:
<%= form_for(user_role) do |f| %>
<% if user_role.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(user_role.errors.count, "error") %> prohibited this user_role from being saved:</h2>
<ul>
<% user_role.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :user %>
<%= f.collection_select(:user_id, #users, :id, :name,{:selected => #selected_user}) %>
</div>
<div class="field">
<%= f.label :rol %>
<%= f.collection_select(:role_id, #roles, :id, :role {:selected => #selected_role}) %>
</div>
<div class="actions">
<%= f.submit %>
</div>
otherwise the params are being sent like user_id instead of user_role[user_id]
I have a sidebar which displays the user's constructions.
I display it this way:
<% current_user.constructions.each do |obra| %>
<li>
<%= link_to construction_path(obra) do %>
<i class="fa fa-home"></i> <%= obra.name %>
<% end %>
<ul class="nav child_menu" style="display: block">
<li>
<%= link_to "Documentos", construction_docs_path(obra) %>
</li>
<li>
<%= link_to "Meus Pagamentos", construction_boletos_path(obra) %>
</li>
</ul>
</li>
<% end %>
It's working with everything, except when I try to create a New Construction, it says:
No route matches {:action=>"show", :controller=>"constructions", :id=>nil}
missing required keys: [:id]
I guess that's because it loses track of the current_user.constructions since my controller makes the
def new
#construction = current_user.constructions.build
end
call...
How can I pass the current constructions' ids, displaying it at the same time that I create a new construction?
EDIT -
constructions_controller.rb
class constructionsController < ApplicationController
before_filter :authenticate_user!
before_action :set_construction, only: [:show, :edit, :update, :destroy]
# GET /constructions
# GET /constructions.json
def index
#constructions = Construction.all
end
# GET /constructions/1
# GET /constructions/1.json
def show
end
# GET /constructions/new
def new
#construction = current_user.constructions.build
end
# GET /constructions/1/edit
def edit
end
# POST /constructions
# POST /constructions.json
def create
#construction = current_user.constructions.build(construction_params)
respond_to do |format|
if #construction.save
format.html { redirect_to #construction, notice: 'construction was successfully created.' }
format.json { render :show, status: :created, location: #construction }
else
format.html { render :new }
format.json { render json: #construction.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /constructions/1
# PATCH/PUT /constructions/1.json
def update
respond_to do |format|
if #construction.update(construction_params)
format.html { redirect_to #construction, notice: 'construction was successfully updated.' }
format.json { render :show, status: :ok, location: #construction }
else
format.html { render :edit }
format.json { render json: #construction.errors, status: :unprocessable_entity }
end
end
end
# DELETE /constructions/1
# DELETE /constructions/1.json
def destroy
#construction.destroy
respond_to do |format|
format.html { redirect_to constructions_url, notice: 'construction was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_construction
#construction = Construction.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def construction_params
params.require(:construction).permit(:name, :locale, :start_date, :description, :image)
end
end
routes.rb
Rails.application.routes.draw do
resources :boletos
resources :documentos
resources :constructions do
get 'construction_documents/index', :path => 'docs', :as => 'docs'
get 'construction_boletos/index', :path => 'boletos', :as => 'boletos'
end
devise_for :users
root 'plainpage#index'
end
constructions/new.html.erb
<h1>New Construction</h1>
<%= render 'form' %>
<%= link_to 'Back', constructions_path %>
constructions/_form.html.erb
<%= form_for #construction, html: { multipart: true } do |f| %>
<% if #construction.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#construction.errors.count, "error") %> prohibited this construction from being saved:</h2>
<ul>
<% #construction.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.file_field :image %>
</div>
<div class="field">
<%= f.label :name %><br>
<%= f.text_field :name %>
</div>
<div class="field">
<%= f.label :locale %><br>
<%= f.text_field :locale %>
</div>
<div class="field">
<%= f.label :start_date %><br>
<%= f.date_select :start_date %>
</div>
<div class="field">
<%= f.label :description %><br>
<%= f.text_area :description %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
I have a weird problem with "nested_form" in Rails. I made a model "evaluate" associated to other model "proyect", but when I try to show theres fields, on "proyects" form, just show fields from "proyects".
Here is my code:
Models:
proyect.erb
class Proyect < ActiveRecord::Base
belongs_to :user
has_many :vercions #I know is versions
has_many :evaluates #I know is evaluators
accepts_nested_attributes_for :evaluates, allow_destroy: true
validates :titulo,:presence => true,
:length => { :minimum => 3 }
validates :descripcion,:presence => true,
:length => { :minimum => 3 }
end
evaluate.erb
class Evaluate < ActiveRecord::Base
belongs_to :proyect
has_and_belongs_to_many :users
end
Controller
proyects_controller.erb
class ProyectsController < ApplicationController
before_action :set_proyect, only: [:show, :edit, :update, :destroy]
# GET /proyects
# GET /proyects.json
def index
if current_user.tipo == 'i'
#proyects = Proyect.where(:user_id => current_user.id)
else
#proyects = #Proyect.where(:id_user => current_user.id)
Proyect.all
end
end
# GET /proyects/1
# GET /proyects/1.json
def show
#vercion = Vercion.new
end
# GET /proyects/new
def new
#proyect = Proyect.new
#proyect.evaluates.build
end
# GET /proyects/1/edit
def edit
end
# POST /proyects
# POST /proyects.json
def create
#proyect = current_user.proyects.new(proyect_params)
respond_to do |format|
if #proyect.save
format.html { redirect_to #proyect, notice: 'Proyecto creado!.' }
format.json { render :show, status: :created, location: #proyect }
else
format.html { render :new }
format.json { render json: #proyect.errors, status: :unprocessable_entity }
end
# Llamamos al ActionMailer que creamos
Usermailer.bienvenido_email(current_user,#proyect).deliver
end
end
# PATCH/PUT /proyects/1
# PATCH/PUT /proyects/1.json
def update
respond_to do |format|
if #proyect.update(proyect_params)
format.html { redirect_to #proyect, notice: 'Proyect was successfully updated.' }
format.json { render :show, status: :ok, location: #proyect }
else
format.html { render :edit }
format.json { render json: #proyect.errors, status: :unprocessable_entity }
end
end
end
# DELETE /proyects/1
# DELETE /proyects/1.json
def destroy
#proyect.destroy
respond_to do |format|
format.html { redirect_to proyects_url, notice: 'Proyect was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_proyect
#proyect = Proyect.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def proyect_params
params.require(:proyect).permit(
:titulo, :descripcion,:evaluador, :id_user, :codigo, :user_assign,evaluates_attributes: [:id,:nombre, :prioridad, :_destroy, user_ids: [] ])
end
end
Views
_form.html.erb (Proyects)
<%= nested_form_for(#proyect) do |f| %>
<% if #proyect.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#proyect.errors.count, "error") %> prohibited this proyect from being saved:</h2>
<ul>
<% #proyect.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :titulo %><br>
<%= f.text_field :titulo %>
</div>
<div class="field">
<%= f.label :descripcion %><br>
<%= f.text_area :descripcion %>
</div>
<div class="field">
<%= f.hidden_field :id_user, :value => current_user.id %>
</div>
<!--Aqui aƱadi algo-->
<fieldset id="evaluates">
<%= f.fields_for :evaluates do |evaluates_form| %>
<div class="field">
<%= evaluates_form.label :status %><br>
<%= evaluates_form.text_field :status %>
</div>
<%= evaluates_form.link_to_remove "Eliminar esta tarea" %>
<% end %>
<p><%= f.link_to_add "Agregar una tarea", :evaluates %></p>
</fieldset>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
_evaluate_fields.html.erb
<div class="field">
<%= f.label :status, 'Nombre de la tarea' %><br>
<%= f.text_field :status %>
</div>
<div class="field">
<%= f.collection_check_boxes :user_ids, User.where(:tipo => 'e'), :id, :cedula %>
</div>
<%= f.link_to_remove "Eliminar Evaluador" %>
So, I have a rails app that allows users to submit youtube links and rank the songs/links using the thumbs up gem.
However, users must physically copy and paste the link into the browser to listen to the song after the link is uploaded. For a better UX I'm going to use this gem to dynamically embed the YouTube video into my app once the users upload the link.
However, I'm not quite sure how this can be done?
I was thinkin' of doing something like this in the index:
<%= YouTubeAddy.extract_video_id('song.url)' %> <%= YouTubeAddy.youtube_embed_url('song.url') %> ?
or would it have to be in the controller? and if so how?
song#new.html.erb:
<%= form_for #song, :html => { :multipart => true } do |f| %>
<% if #song.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#song.errors.count, "error") %> prohibited this song from being saved:</h2>
<ul>
<% #song.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="row">
<div class="large-6 columns">
<div class="field">
<%= f.label :title %>
<%= f.text_field :title %>
</div>
<div class="field">
<%= f.label 'website url' %>
<%= f.text_area :url %>
</div>
<div class="field">
<%= f.label :tag_list, "Genres (separated by commas)" %><br />
<%= f.text_field :tag_list %>
</div>
<p>
<%= f.file_field :track%>
</p>
<div class="actions">
<%= f.submit value: "Upload" %>
</div>
<% end %>
</div>
song_controller.rb
class SongsController < ApplicationController
before_filter :authenticate_user!, only: [:create ,:edit, :update, :destroy, :vote_for_song]
before_action :set_song, only: [:show, :edit, :update, :destroy, :vote_for_song]
def vote_for
#song = Song.find(params[:id])
current_user.vote_for(#song)
#song.plusminus = #song.votes_for
#song.save
respond_to do |format|
format.js { render 'update_votes' }
end
end
def vote_against
#song = Song.find(params[:id])
current_user.vote_against(#song)
respond_to do |format|
format.js { render 'update_votes' }
end
end
def new_songs
#songs = Song.order "id DESC"
end
# GET /Songs
# GET /Songs.json
def index
if params[:genre]
#songs = Song.tagged_with(params[:genre]).paginate(:page => params[:page], :per_page => 15)
else
#songs = Song.order('plusminus').paginate(:page => params[:page], :per_page => 15)
end
end
# GET /Songs/1
# GET /Songs/1.json
def show
#comment = Comment.new(song: #song)
end
# GET /Songs/new
def new
#song = Song.new
end
# GET /Songs/1/edit
def edit
end
# POST /Songs
# POST /Songs.json
def create
#song = Song.new(song_params)
respond_to do |format|
if #song.save
format.html { redirect_to #song, notice: 'Song was successfully created.' }
format.json { render action: 'show', status: :created, location: #song }
else
format.html { render action: 'new' }
format.json { render json: #song.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /Songs/1
# PATCH/PUT /Songs/1.json
def update
respond_to do |format|
if #song.update(song_params)
format.html { redirect_to #song, notice: 'Song was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #song.errors, status: :unprocessable_entity }
end
end
end
# Song /Songs/1
# Song /Songs/1.json
def destroy
#song.destroy
respond_to do |format|
format.html { redirect_to songs_url }
format.json { head :no_content }
end
end
private
def set_song
#song = Song.find(params[:id])
end
def song_params
params.require(:song).permit(:title, :artist, :url, :track, :user_id, :tag_list)
end
end
index.html.erb
<h6>Top ranked songs</h6>
<hr>
<ol><% #songs.each do |song| %>
<span class="title">
<li><%=link_to image_tag('thumbs.png', size: '16x50'), vote_for_song_path(song), :remote => true, :method => :put %> <%= link_to song.title, song %><span class="subtext"> (<%= song.url %>)<br></li></span>
<%#=link_to '▼'.html_safe, vote_against_song_path(song), :remote => true, :method => :put %>
<span class="subtext"><span class="votes_<%= song.id %>"><%= pluralize(song.votes.count, 'like') %>,</span>
posted <%= time_ago_in_words(song.created_at) + " ago" %>
<small><span class="comments"></small> | <%= pluralize(song.comments.size, 'comment') %></span></small><br /></span>
<%#= link_to 'Show', song, class: "button small secondary" %>
<%= link_to('Edit', edit_song_path(song), class: "button small secondary") if can? :update, song %>
<%= link_to('Destroy', song, method: :delete, data: {confirm: 'Are you sure?'}, class: "button small secondary") if can? :destroy, song %>
<% end %>
</ol>
<div class="pagination-centered">
<ul class="pagination">
<%#= will_paginate #songs %>
<!-- or custom pagination -->
<% if #songs.previous_page %>
<%= link_to "Back", params.merge(page: #songs.previous_page) %>
<% end %>
<% if #songs.next_page %>
<%= link_to "More", params.merge(page: #songs.next_page) %>
<% end %>
</ul></div>
YouTubeAddy.youtube_embed_url('song.url') generates a string of iframe tag, so it should be used in your view exactly where you want an embedded video to be placed. But note that you should return an html safe string. So in your view you have:
<%=raw YouTubeAddy.youtube_embed_url('song.url') %>
More about unescaping html.
I've read through lots of posts here and still cant figure this one out.
I have a forum_post model and a links model. I want to nest the links form with the forum_post form but keep getting a Can't mass-assign protected attributes: links.
ForumPost Model
class ForumPost < ActiveRecord::Base
attr_accessible :content, :links_attributes
has_many :links, :as => :linkable, :dependent => :destroy
accepts_nested_attributes_for :links, :allow_destroy => true
end
Links Model
class Link < ActiveRecord::Base
attr_accessible :description, :image_url, :link_url, :linkable_id, :linkable_type, :title
belongs_to :linkable, :polymorphic => true
end
Forum_post View
<%= form_for(#forum_post) do |f| %>
<% if #forum_post.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#forum_post.errors.count, "error") %> prohibited this forum_post from being saved:</h2>
<ul>
<% #forum_post.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :content %><br />
<%= f.text_area :content, :rows => 5 %>
</div>
<%= f.fields_for :link do |link| %>
<%= render :partial => 'links/link', :locals => { :f => link} %>
<% end%>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
Link View Partial
<div class="field">
<%= f.label :link_url %><br />
<%= f.text_field :link_url, :id => "url_field" %>
</div>
<div id="link_preview">
</div>
ForumPosts Controller
class ForumPostsController < ApplicationController
def new
#forum_post = ForumPost.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: #forum_post }
end
def create
#forum_post = ForumPost.new(params[:forum_post])
respond_to do |format|
if #forum_post.save
format.html { redirect_to #forum_post, notice: 'Forum post was successfully created.' }
format.json { render json: #forum_post, status: :created, location: #forum_post }
else
format.html { render action: "new" }
format.json { render json: #forum_post.errors, status: :unprocessable_entity }
end
end
end
Links Controller
class LinksController < ApplicationController
def find_linkable
params.each do |name, value|
if name =~ /(.+)_id$/
return $1.classify.constantize.find(value)
end
end
nil
end
def index
#linkable = find_linkable
#links = #linkable.links
end
def create
#linkable = find_linkable
#link = #linkable.links.build(params[:link])
if #link.save
flash[:notice] = "Successfully saved link."
redirect_to :id => nil
else
render :action => 'new'
end
end
end
Well, according to your question the protected attributes that you can't mass-assign is :links.
Not sure how that happened, but have you tried attr_accessible :links?
As for the security implications, it is the reason github got hacked once https://gist.github.com/1978249, and I would highly discourage setting whitelist_attributes to false.