I have some pages in a Rails website that can be accessed only by user and admin.
I am hiding them from the public inside the views with user_signed_in?.
The problem is that when you copy and paste the URL of the page when not logged in,
you can still access them.
I imagine it's something I need to add in the controller of those pages.
Any help would be great as I am still learning Rails.
For example, I would like to protect this controller:
class DailiesController < ApplicationController
  before_filter :authenticate_admin!, except: [:index, :show]
  before_action :set_daily, only: [:show, :edit, :update, :destroy]

  # GET /dailies
  # GET /dailies.json
  def index
    @dailies = Daily.order("created_at desc")
  end

  # GET /dailies/1
  # GET /dailies/1.json
  def show
  end

  # GET /dailies/new
  def new
    @daily = current_admin.dailies.new
  end

  # GET /dailies/1/edit
  def edit
    @daily = current_admin.dailies.find(params[:id])
  end

  # POST /dailies
  # POST /dailies.json
  def create
    @daily = current_admin.dailies.new(daily_params)
    respond_to do |format|
      if @daily.save
        format.html { redirect_to @daily, notice: 'Post was successfully created.' }
        format.json { render action: 'show', status: :created, location: @daily }
      else
        format.html { render action: 'new' }
        format.json { render json: @daily.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /dailies/1
  # PATCH/PUT /dailies/1.json
  def update
    @daily = current_admin.dailies.find(params[:id])
    respond_to do |format|
      if @daily.update(daily_params)
        format.html { redirect_to @daily, notice: 'daily was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @daily.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /dailies/1
  # DELETE /dailies/1.json
  def destroy
    @daily = current_admin.dailies.find(params[:id])
    @daily.destroy
    respond_to do |format|
      format.html { redirect_to dailies_url }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_daily
    @daily = Daily.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def daily_params
    params.require(:daily).permit(:description, :image)
  end
end
Have you already created a method called authenticate_admin?
You can try something like this:
before_action :has_access?

def has_access?
  redirect_to root_path unless user_signed_in? && current_user.admin?
end
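Added example, not part of the original posts: a plain-Ruby stand-in for a controller filter chain, showing why a direct URL still reaches an action that is exempt from the check and is stopped once the check runs before every action. MiniController, ExemptDailies, GuardedDailies and the User struct are hypothetical names and are not Rails or Devise code; only the has_access? condition is taken from the answer above.

```ruby
# Plain-Ruby model of a controller filter chain (constructed; not Rails itself).
User = Struct.new(:admin) { alias_method :admin?, :admin }
class MiniController
  attr_reader :current_user, :redirected_to
  def self.filters
    @filters ||= []
  end

  def self.before_action(name, except: [])
    filters << [name, except]
  end

  def initialize(current_user)
    @current_user = current_user
  end

  def user_signed_in?
    !current_user.nil?
  end

  def redirect_to(path)
    @redirected_to = path
  end

  # Run each applicable filter; the action runs only if none redirected.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action)
      send(name)
      return [:redirect, redirected_to] if redirected_to
    end
    [:ok, send(action)]
  end

  def show
    "daily page" # stands in for rendering the protected view
  end

  def has_access?
    redirect_to "/" unless user_signed_in? && current_user.admin?
  end
end

class ExemptDailies < MiniController # show is exempt, as in the question
  before_action :has_access?, except: [:show]
end

class GuardedDailies < MiniController # the check runs before every action
  before_action :has_access?
end
```

Hiding a link in the view changes nothing here: `ExemptDailies.new(nil).process(:show)` still returns the page for an anonymous request, while `GuardedDailies` redirects everyone except a signed-in admin.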
Related
I'm trying to create podcast pages.
I have an mp3 file URL https://mcdn.podbean.com/mf/web/tcips9/Introverted.mp3
and want to have a download button linked to the mp3 file URL, so when I click it, I want it to download instead of opening a new web browser and playing.
= link_to "Download", @podcast.episode_audio_url, download: "{@podcast.episode_audio_url}"
I tried the above code and it's opening a new web browser and playing.
How do I achieve my goal? Please help.
My controller
class PodcastsController < ApplicationController
  before_action :set_podcast, only: [:show, :edit, :update, :destroy]

  # GET /podcasts
  # GET /podcasts.json
  def index
    @podcasts = Podcast.all
  end

  # GET /podcasts/1
  # GET /podcasts/1.json
  def show
  end

  # GET /podcasts/new
  def new
    @podcast = Podcast.new
  end

  # GET /podcasts/1/edit
  def edit
  end

  # POST /podcasts
  # POST /podcasts.json
  def create
    @podcast = Podcast.new(podcast_params)
    respond_to do |format|
      if @podcast.save
        format.html { redirect_to @podcast, notice: 'Podcast was successfully created.' }
        format.json { render :show, status: :created, location: @podcast }
      else
        format.html { render :new }
        format.json { render json: @podcast.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /podcasts/1
  # PATCH/PUT /podcasts/1.json
  def update
    respond_to do |format|
      if @podcast.update(podcast_params)
        format.html { redirect_to @podcast, notice: 'Podcast was successfully updated.' }
        format.json { render :show, status: :ok, location: @podcast }
      else
        format.html { render :edit }
        format.json { render json: @podcast.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /podcasts/1
  # DELETE /podcasts/1.json
  def destroy
    @podcast.destroy
    respond_to do |format|
      format.html { redirect_to podcasts_url, notice: 'Podcast was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_podcast
    @podcast = Podcast.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def podcast_params
    params.require(:podcast).permit(:episode_url, :episode_title, :episode_description, :episode_audio_url, :episode_number)
  end
end
Thank you in advance.
I would suggest writing the download logic in an app controller. So in your routes you would have
get "download_podcast", to: "downloads#podcast"
your controller would be
class DownloadsController < ApplicationController
  def podcast
    send_file Podcast.find(params[:podcast_id]).episode_audio_url, type: "audio/mp3"
  end
end
and your view would link to this action with
link_to "Download", download_podcast_path(podcast_id: @podcast.id), target: "_blank"
I have a ProjectSite model and a ManagerRemark model related by a many-to-one association. My ManagerRemark model has a boolean value (true or false), and I want to access that boolean value in another controller's view. Please help. Here is my code. I want to print the decision boolean value next to each project site in the index list. How can I do that in the view of another controller named new_manager_controller?
project_sites_controller.rb
class ProjectSitesController < ApplicationController
  before_action :authenticate_user!
  before_action :is_project_site?, except: [:show]
  before_action :set_project_site, only: [:show, :edit, :update, :destroy]

  # GET /project_sites
  # GET /project_sites.json
  def index
    @project_sites = ProjectSite.all.order("created_at DESC")
  end

  # GET /project_sites/1
  # GET /project_sites/1.json
  def show
    @manager_remark = ManagerRemark.new
    @manager_remark.project_site_id = @project_site.id
  end

  # GET /project_sites/new
  def new
    @project_site = ProjectSite.new
  end

  # GET /project_sites/1/edit
  def edit
  end

  # POST /project_sites
  # POST /project_sites.json
  def create
    @project_site = ProjectSite.new(project_site_params)
    respond_to do |format|
      if @project_site.save
        format.html { redirect_to @project_site, notice: 'Project site was successfully created.' }
        format.json { render :show, status: :created, location: @project_site }
      else
        format.html { render :new }
        format.json { render json: @project_site.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /project_sites/1
  # PATCH/PUT /project_sites/1.json
  def update
    respond_to do |format|
      if @project_site.update(project_site_params)
        format.html { redirect_to @project_site, notice: 'Project site was successfully updated.' }
        format.json { render :show, status: :ok, location: @project_site }
      else
        format.html { render :edit }
        format.json { render json: @project_site.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /project_sites/1
  # DELETE /project_sites/1.json
  def destroy
    @project_site.destroy
    respond_to do |format|
      format.html { redirect_to project_sites_url, notice: 'Project site was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_project_site
    @project_site = ProjectSite.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def project_site_params
    params.require(:project_site).permit(:name, :date, :file)
  end

  def is_project_site?
    redirect_to root_path unless (current_user.role=='project_site')
  end
end
This is how my manager remark controller looks.
Manager_Remarks_controller.rb
class ManagerRemarksController < ApplicationController
  def create
    @manager_remark = ManagerRemark.new(remark_params)
    @manager_remark.project_site_id = params[:project_site_id]
    @manager_remark.save
    redirect_to project_site_path(@manager_remark.project_site)
  end

  def remark_params
    params.require(:manager_remark).permit(:name, :remark, :decision)
  end
end
I am trying to pass an attribute to an object that is being created by a link. I am on the show view of another object and I want to have two links available: one that will make the :attribute false and the other to make the :attribute true. I have it set up so the default value of this attribute is false and I tried using something like below, but it just saves it as nil in the database:
<%= link_to "Yes", new_building_listing_appointment_rented_unit_path(@building, @listing, @appointment, @rented_unit, leased: true) %>
controller
class RentedUnitsController < ApplicationController
  before_action :building
  before_action :listing
  before_action :appointment
  before_action :set_rented_unit, only: [:show, :edit, :update, :destroy]

  # GET /rented_units
  # GET /rented_units.json
  def index
    @rented_units = appointment.rented_units
  end

  # GET /rented_units/1
  # GET /rented_units/1.json
  def show
  end

  # GET /rented_units/new
  def new
    @rented_unit = appointment.rented_units.new
  end

  # GET /rented_units/1/edit
  def edit
  end

  # POST /rented_units
  # POST /rented_units.json
  def create
    @rented_unit = appointment.rented_units.new(rented_unit_params)
    respond_to do |format|
      if @rented_unit.save
        format.html { redirect_to [building, listing, appointment, @rented_unit], notice: 'Rented unit was successfully created.' }
        format.json { render :show, status: :created, location: @rented_unit }
      else
        format.html { render :new }
        format.json { render json: @rented_unit.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /rented_units/1
  # PATCH/PUT /rented_units/1.json
  def update
    respond_to do |format|
      if @rented_unit.update(rented_unit_params)
        format.html { redirect_to [building, listing, appointment, @rented_unit], notice: 'Rented unit was successfully updated.' }
        format.json { render :show, status: :ok, location: @rented_unit }
      else
        format.html { render :edit }
        format.json { render json: @rented_unit.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /rented_units/1
  # DELETE /rented_units/1.json
  def destroy
    @rented_unit.destroy
    respond_to do |format|
      format.html { redirect_to building_listing_appointment_rented_units_path(@building, @listing, @appointment), notice: 'Rented unit was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_rented_unit
    @rented_unit = appointment.rented_units.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def rented_unit_params
    params.require(:rented_unit).permit(:unit_no, :unit_model, :price, :bedrooms, :bathrooms, :half_baths, :square_footage, :leased, :appointment_id)
  end

  def building
    @building ||= Building.find(params[:building_id])
  end

  def listing
    @listing ||= Listing.find(params[:listing_id])
  end

  def appointment
    @appointment ||= Appointment.find(params[:appointment_id])
  end
end
From what I understand, you are looking to populate the leased attribute automatically when you open a new form from the link.
You need to give the param to the link.
<%= link_to "Yes", new_building_listing_appointment_rented_unit_path(@building, @listing, @appointment, @rented_unit, rented_unit: { leased: true } ) %>
In the controller you can then do something like
# GET /rented_units/new
def new
  @rented_unit = appointment.rented_units.new(rented_unit_params)
end
Then, in the new form you will see the checkbox (or other control) selected.
I'm using rails 4 and actionmailer to allow users to edit a generated email before letting it send.
When I try to load the editing page, I get this error.
Showing /var/www/rqm3/app/views/rfis/mail.html.erb where line #5 raised:
undefined method `body' for nil:NilClass
Here's line 5 for reference.
<%= text_area_tag :email_body, @mail_message.html_part.body.raw_source, class: "tinymce", rows: 40, cols: 120 %>
I have @mail_message set from my controller here.
def mail
  @mail_message = RfiMailer.send_rfi(current_user, @rfi)
end
Thanks to anyone that helps.
EDIT:
rfis_controller:
class RfisController < ApplicationController
  before_action :set_rfi, only: [:show, :edit, :update, :destroy, :mail]
  before_action :authenticate_user!

  # GET /rfis
  # GET /rfis.json
  def index
    @rfis = Rfi.all
  end

  # GET /rfis/1
  # GET /rfis/1.json
  def show
  end

  # GET /rfis/new
  def new
    @rfi = Rfi.new
  end

  # GET /rfis/1/edit
  def edit
  end

  def send_rfi
  end

  def mail
    @mail_message = RfiMailer.send_rfi(current_user)
    # @mail_message = RfqMailer.placeholder_message(current_user, Rfq.last)
  end

  # POST /rfis
  # POST /rfis.json
  def create
    @rfi = Rfi.new(rfi_params)
    respond_to do |format|
      if @rfi.save
        format.html { redirect_to mail_rfi_url(@rfi), notice: 'Rfi was successfully created.' }
        format.json { render :show, status: :created, location: @rfi }
      else
        format.html { render :new }
        format.json { render json: @rfi.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /rfis/1
  # PATCH/PUT /rfis/1.json
  def update
    respond_to do |format|
      if @rfi.update(rfi_params)
        format.html { redirect_to @rfi, notice: 'Rfi was successfully updated.' }
        format.json { render :show, status: :ok, location: @rfi }
      else
        format.html { render :edit }
        format.json { render json: @rfi.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /rfis/1
  # DELETE /rfis/1.json
  def destroy
    @rfi.destroy
    respond_to do |format|
      format.html { redirect_to rfis_url, notice: 'Rfi was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_rfi
    @rfi = Rfi.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def rfi_params
    params.require(:rfi).permit(:due, :rfi_type, :parties, :reference, :svg_ref, :vendor_ref, :email_body)
  end
end
rfi_mailer.rb
class RfiMailer < ApplicationMailer
  default from: "test@test.com"

  def send_rfi(user)
    mail(to: "someemail", subject: "test")
  end
end
First of all, some cleanup:
before_action :set_rfi, only: [:show, :edit, :update, :destroy, :mail]
You can also write
before_action :set_rfi, except: [:index, :new]
Back to the topic:
html_part is nil, that's why you can't use the body of it and it throws an exception.
Please make sure that your email has 2 templates, one for the text part and one for the HTML part. Further details on that are in the Rails docs:
http://guides.rubyonrails.org/action_mailer_basics.html#mailer-views
Users can create guides only when they're logged in.
When I click on the 'New Guide' link, this is what Heroku's log puts out:
2013-12-30T20:28:37.826032+00:00 app[web.1]: ActiveRecord::UnknownAttributeError (unknown attribute: user_id):
GuidesController:
class GuidesController < ApplicationController
  before_action :set_guide, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!, except: [:index, :show]

  # GET /guides
  # GET /guides.json
  def index
    if params[:tag]
      @guides = Guide.tagged_with(params[:tag])
    else
      @guides = Guide.all
    end
  end

  # GET /guides/1
  # GET /guides/1.json
  def show
  end

  # GET /guides/new
  def new
    @guide = current_user.guides.build(guide_params)
  end

  # GET /guides/1/edit
  def edit
  end

  # POST /guides
  # POST /guides.json
  def create
    @guide = current_user.guides.build(guide_params)
    respond_to do |format|
      if @guide.save
        format.html { redirect_to @guide, notice: 'Guide was successfully created.' }
        format.json { render action: 'show', status: :created, location: @guide }
      else
        format.html { render action: 'new' }
        format.json { render json: @guide.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /guides/1
  # PATCH/PUT /guides/1.json
  def update
    respond_to do |format|
      if @guide.update(guide_params)
        format.html { redirect_to @guide, notice: 'Guide was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @guide.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /guides/1
  # DELETE /guides/1.json
  def destroy
    @guide.destroy
    respond_to do |format|
      format.html { redirect_to guides_url }
      format.json { head :no_content }
    end
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_guide
    @guide = Guide.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def guide_params
    params.require(:guide).permit(:title, :author, :description, :link, :tag_list) if params[:guide]
  end
end
You have this in your new action
def new
  @guide = current_user.guides.build(guide_params)
end
Why? The new action should just return the form to the browser to create a new guide. You repeat this in your create action, where it should be.
Also your index has this:
def index
  if params[:tag]
    @guides = Guide.tagged_with(params[:tag])
  else
    @guides = Guide.all
  end
end
You should probably be using guide_params[:tag] since the :tag is being returned by the browser.
EDIT: I see you are using [:tag_list] in your whitelist. I assume you are handling that somewhere else? Have you tested the ability to do an index action with a tag defined? I think the only place you want to use bare params[:xxxx] is in a private method.