There are many students and each student belongs to a program.
I have a controller:
def edit
#student = Student.find(params[:id])
#programs = Program.all
end
Then I have an edit form (simplified):
<%= f.label(:program_id, "Program") %>
<%= f.select(:program_id, #programs.collect {|c| [c.name, c.id]}) %>
Finally, I have a model for the student:
class Student < ActiveRecord::Base
belongs_to :program
validates :first_name, presence: true
end
I can update a student, as long as I input a first name. If I leave first name blank, I get an error undefined method 'collect' for nil:NilClass
However, if I change the form just a little bit, everything works. Like so:
<%= f.label(:program_id, "Program") %>
<%= f.select(:program_id, Program.all.collect {|c| [c.name, c.id]}) %>
Notice the Programs.all in there. Instead of in the controller.
What gives? I'd really like to define #programs in the controller. Am I missing something obvious?
Thanks!
P.S. If I take the validation rule out of the model, everything works again--so I'm pretty sure the validation is at the heart of the matter.
Do you have an update method in your controller? My guess is in the update action you have an if statement that says if the save fails, render the edit template again. If you are rendering the edit template from the update method, the view no longer knows about #programs, so you would need to redefine again in the update method, or create a before_action.
Related
I am trying to do something basic but for some reason that's not working and not returning me any errors.
I have a User model and a ManualBill model.
The Manual Bill belongs to a User (I can select who paid it when I create it and it belongs to this User).
But then, once the Manual Bill is created, I also want to be able to add "manual_bills_payers", who are the ones who did not pay the bill but have to refund it.
In the end, that makes my models look like this:
class ManualBill < ApplicationRecord
belongs_to :flat
belongs_to :user
has_many :manual_bill_payers
has_many :users, through: :manual_bill_payers
end
And
class ManualBillPayer < ApplicationRecord
belongs_to :manual_bill
belongs_to :user
end
I've created an update form for the ManualBill, in which I am going to select several users (who are going to be manual_bill_payers) with checkboxes (I am in a loop which is why I called the manual_bill "bill" here.
<%= simple_form_for [#flat, bill] do |f| %>
<%= f.error_notification %>
<%= f.association :manual_bill_payers, as: :check_boxes,
:label_method =>
lambda { |owner| "#{owner.email}" },collection: User.all,
input_html: {class: "input-
bar-settings"} %>
<%= f.submit 'Add payers', class: "btn-form" %>
<% end %>
I am really confused of what to do here.
What I want to do is basically CREATE several new manual_bill_payers when updating the manual_bill by selecting users who are in my flat (all the Users of the db in the exemple above). I also want to be able to remove them by unchecking the boxes.
I've basically tried everything... from changing the models to put "has_and_belongs_to_many" instead of the "through" association, to changing the :manual_bill_payers into :users in the simple_form.
Most of the time the update goes through (no errors and redirect me to the show page) but I still get an empty array when I do ManualBillPayer.all or when I check my manual_bill.manual_bill_payers.
My update method here just in case
def update
#manual_bill = ManualBill.find(params[:id])
authorize #manual_bill
if #manual_bill.update(manual_bill_params)
redirect_to flatshare_path(#manual_bill.flat)
else
redirect_to root_path
end
end
def manual_bill_params
params.require(:manual_bill).permit(:manual_bill_payer_id)
end
I don't have any create method in this controller because the manual_bill is created somewhere else, which is why the last method is pretty empty
Where am I wrong? Is there something I am completely minsunderstanding?
I've put a raise in the update to check the params
{"utf8"=>"✓",
"_method"=>"patch",
"authenticity_token"=>"280izDKna4QWfr0OhZJW6u/
UWcqlxo56yR17fBDX4QFKhNG94mYqbBLPuq+ifo3mNIV10GFk1RK7Hr5AnmosOA==",
"manual_bill"=>{"manual_bill_payer_ids"=>["", "1", "35", "34"]},
"commit"=>"Add payers",
"flatshare_id"=>"15",
"id"=>"15"}
Thanks a lot
is a little project and I try to associate patient model with consultations. one patient has_many :consultations, in my form I have:
<%= f.association :patient %>
I pass the id parameter from the patient to the action 'new' in this way:
<%= link_to new_consultum_path(:id => #patient.id) %>
And in the view I have:
How can I make that the f.association field take the correspondent patient_id automatically?
How can I be sure that the patient_id is the current patient?
If I want to hide this field is that ok if I put
instead of
Is a better way to do this?
And why in the view shows me # patient:0x007f4e7c32cbd0 ?
thanks for your help.
And why in the view shows me # patient:0x007f4e7c32cbd0
This is a Patient object.
It means you need to call an attribute of this object - EG #patient.name.
--
f.association field take the correspondent patient_id automatically
This might help:
It looks like Organization model doesn't have any of these fields: [
:to_label, :name, :title, :to_s ] so SimpleForm can't detect a default
label and value methods for collection. I think you should pass it
manually.
#app/models/patient.rb
class Patient < ActiveRecord::Base
def to_label
"#{name}"
end
end
Apparently, you need to have either title, name or to_label methods in your model in order for f.association to populate the data.
-
How can I be sure that the patient_id is the current patient?
If you're having to verify this, it suggests inconsistencies with your code's structure. If you need the patient_id to be set as the current patient, surely you could set it in the controller:
#app/controllers/consultations_controller.rb
class ConultationsController < ApplicationController
def create
#consultation = Constultation.new
#consultation.patient = current_patient
#consultation.save
end
end
I can provide more context if required.
You want to associate consultations to patients using fields_for, which is similar to form_for, but does not build the form tags.
It you start with your patient object, you can iterate through the consultation associations binding it to form fields as you go.
it would look something like this
<%= form_for #patient do |patient_form| %>
<% patient_form.text_field :any_attribute_on_patient %>
<% #patient.consultations.each do |consultation| %>
<%= patient_form.fields_for consultation do |consultation_fields| %>
<% consultation_fields.text_field :any_attribute_on_consulatation %>
<% end %>
<% end %>
<% end %>
Sorry, the code may not be exactly right.
Check out the docs for field_for here
You will also have to set accepts_nested_attributes_for consultations on patient. When you set accepts_nested_forms_for, Rails will automatically update the associated consultations object to the patient and save any edits you have made. You DEFINITELY want to use accepts_nested_attributes_for most nested form handling of this type.
I'm building a martial arts related database, currently I have the following associations set up:
Student has_and_belongs_to_many :styles
Style has_many :ranks
Student has_many :ranks, through: :gradings (and vice versa)
I'm generating a form as follows, depending on the student's styles:
So the headings are generated by the Style model (Tai Chi, Karate...), then their rankings listed below (taken from the Rank model), and the "Dojo" and "Date" fields should belong to the Grading model once created.
The question: I know how to build a form that creates one association (or one association + its children), but how do I build a form that creates multiple associations at once?
Also, what would be a clean way to implement the following:
Only lines which are ticked become associations
Dojo and date must be filled in for ticked lines to save successfully
If a line is unticked it will destroy any previously created associations
This is what I've currently implemented to retrieve the correct records:
class GradingsController < ApplicationController
before_filter :authenticate_sensei!
def index
#student = Student.includes(:styles).find(params[:student_id])
#ranks = Rank.for_student_styles(#student)
split_ranks_by_style
end
private
def split_ranks_by_style
#karate = #ranks.select_style("Karate")
#tai_chi = #ranks.select_style("Tai Chi")
#weaponry = #ranks.select_style("Weaponry")
end
end
# Rank model
def self.for_student_styles(student)
includes(:style).where("styles.id in (?)", student.styles.map(&:id))
end
def self.select_style(style)
all.map { |r| r if r.style.name == style }.compact
end
Complicated forms like this are best handled in a service object initiated in the primary resource's create or update action. This allows you to easily find where the logic is happening afterwards. In this case it looks like you can kick off your service object in your GradingsController. I also prefer formatting a lot of the data in the markup, to make the handling easier in the service object. This can be done a'la rails, by passing a name like "grade[style]" and "grade[rank]". This will format your params coming in as a convenient hash: {grade: {style: "karate", rank: "3"}}. That hash can be passed to your service object to be parsed through.
Without really grasping the full extent of your specific requirements, let's put together an example form:
<%= form_for :grading, url: gradings_path do |f| %>
<h1><%= #rank.name %></h1>
<%- #grades.each do |grade| %>
<div>
<%= hidden_field_tag "grade[#{grade.id}][id]", grade.id %>
<%= check_box_tag "grade[#{grade.id}][active]" %>
...
<%= text_field_tag "grade[#{grade.id}][date]" %>
</div>
<%- end %>
<%= submit_tag %>
<%- end %>
With a form like this, you get your params coming into the controller looking something like this:
"grade"=>{
"1"=>{"id"=>"1", "active"=>"1", "date"=>"2013-06-21"},
"3"=>{"id"=>"3", "date"=>"2013-07-01"}
}
Nicely formatted for us to hand off to our service object. Keeping our controller nice and clean:
class GradingsController < ApplicationController
def index
# ...
end
def create
builder = GradeBuilder.new(current_user, params['grade'])
if builder.run
redirect_to gradings_path
else
flash[:error] = 'Something went wrong!' # maybe even builder.error_message
render :action => :index
end
end
end
So now we just need to put any custom logic into our builder, I'd probably recommend just making a simple ruby class in your /lib directory. It could look something like this:
class GradeBuilder
attr_reader :data, :user
def self.initialize(user, params={})
#user = user
#data = params.values.select{|param| param['active'].present? }
end
def run
grades = data.each{|entry| build_grade(entry)}
return false if grades.empty?
end
private
def build_grade(entry)
grade = Grade.find(entry['id'])
rank = grade.rankings.create(student_id: user, date: entry['date'])
end
end
There will obviously need a lot more work to pass all the specific data you need from the form, and extra logic in the GradeBuilder to handle edge cases, but this will give you a framework to handle this problem in a maintainable and extensible way.
I'm not familiar on how forms work.
Example Scenario
Lets say users can create surveys but after they are created cannot edit them but only add questions to them. This is done by using the edit action on the Survey.
class Survey < ActiveRecord::Base
has_many :questions
accepts_nested_attributes_for :questions
end
class Question < ActiveRecord::Base
belongs_to :survey
belongs_to :user
end
# QuestionsController
def edit
#survey = Survey.find(params[:id])
#survey.questions.build
end
def update
#survey = Survey.find(params[:id])
#survey.update_attributes(params[:survey])
redirect_to ...
end
Then the form should be:
<%= form_for #survey do |f| %>
# No surveys fields on this form!
<% f.fields_for :questions do |builder| %>
<%= render "question_fields", :f => builder %>
<% end %>
<%= f.submit "Submit" %>
<% end %>
Now does this leave the Survey's values vulnerable or open to hacking even if I want the survey's fields to be unusable after creation?
What about in general? Can model values still be edited when their not on the form? What's the logic behind this and how would I know they couldn't?
Thanks, just a newbie trying to learn.
Yes, those attributes can still be edited by submitting them as parameters to your form, even if you don't provide fields for them.
To protect against that, you can protect the attributes explicitly (in later versions of Rails, this is the default). In your Survey model, add
attr_protected :name # or whatever other attributes that model has
This prevents mass assignments for those attributes, both for create and update. To allow creating, you'll have to assign those attributes explicitly in the create action of your SurveyController:
def create
#survey = Survey.new # instead of Survey.new(params[:survey])
#survey.name = params[:survey][:name]
#survey.save
# etc
end
EDIT:
As blackbird07 points out, the better approach is to whitelist those attributes that you want to allow mass-assignment for, instead of the blacklist approach described here.
In short: Yes, they can be edited with a well-crafted POST request using either a tool like curl or by editing the HTML form with browser developer tools. The reason is that you use update_attributes for doing the update, which will update all attributes supplied in the params parameter. This is called mass-assignment.
It is recommended that you whitelist the attributes you want to be editable: http://guides.rubyonrails.org/security.html#mass-assignment
Also, it is highly recommended that your read this article about "Strong parameters: Dealing with mass assignment in the controller instead of the model"
You can also protect against mass assignment by putting
config.active_record.whitelist_attributes = true
in your config/application.rb
Now all atttrbitues must be explicitly labeled accessible. It does this by creating an empty whitelist of attributes for all models in your app.
I am using a virtual attribute called :all_dates on my form . The point of this field is to replace the :purchase_date attribute of my UserPrice model with the date of my :all_dates field. The reason for this is so user's don't have to change the :purchase_date of all of the user_price records they want to create on the form (they can create a maximum of 5), so what it suppose to do is update the columns of the user_prices with the date that is given from the :all_dates field.
Problem
Unfortunately on creating 1 to 5 records of user_prices, I get a NoMethodError because of the :all_dates field:
NoMethodError (undefined method `user_prices' for #<UserPrice:0x485d918>):
app/models/user_price.rb:54:in `save_all_dates_to_user_prices'
app/controllers/user_prices_controller.rb:27:in `each'
app/controllers/user_prices_controller.rb:27:in `create_multiple'
UPDATE
I got rid of the NoMethodError by putting this in my UserPrice model:
def user_prices
#user_prices = Array.new() { UserPrice.new }
end
But that isn't correct because the :all_dates field doesn't update my UserPrice :purchase_date fields. Does anyone have any ideas?
Question
How do I define the method user_prices?
I am guessing its suppose to be able to loop several new records of UserPrice but how is that done?
Code
This form acts like a nested form but instead of using two or more models its just using one single model which is my UserPrice to generate more records on the form, in my case being 5 new ones.
<%= form_tag create_multiple_user_prices_path, :method => :post do %>
<%= date_select("user_price", "all_dates" %>
<% #user_prices.each_with_index do |user_price, index| %>
<%= fields_for "user_prices[#{index}]", user_price do |up| %>
<%= render "add_store_price_fields", :f => up %>
<% end %>
<% end %>
<% end %>
class UserPrice < ActiveRecord::Base
attr_accessible :price, :product_name, :all_dates
attr_accessor :all_dates
after_save :save_all_dates_to_user_prices
protected
def save_all_dates_to_user_prices
self.user_prices.each {|up| up.purchase_date = self.all_dates if up.new_record?}
end
class UserPricesController < ApplicationController
def new
#user_prices = Array.new(5) { UserPrice.new }
end
def create_multiple
#user_prices = params[:user_prices].values.collect { |up| UserPrice.new(up) }
if #user_prices.all?(&:valid?)
#user_prices.each(&:save!)
redirect_to :back, :notice => "Successfully added prices."
else
redirect_to :back, :notice => "Error, please try again."
end
end
Re: Why receiving error undefined method `user_prices' for...
Ans: You need to define the method user_prices
Since you named the model (object) UserPrice, normally user_price would be used to represent an instance of the model.
You need to re-think what user_prices represents, an array of UserPrice objects/records? Or something else?
Added Do you want method save_all_dates_to_user_prices to iterate through all of the UserPrice records?
If so, then:
You probably want save_all_dates_to_user_prices to be a class method since it would be dealing with the multiple instances of the class.
The method would need to first load an array with all of the current records. Do this with the class method find or scope
I Took a totally different approach and was still able to get the same results in this Question: How to update a model's attribute with a virtual attribute?