So in my wiki model I have an attribute for private. If private is true then the wiki should not be viewable to users who are not assign to the wiki_ids via a HABTM relationship.
wiki.rb:
class Wiki
include Mongoid::Document
include Mongoid::Timestamps
has_and_belongs_to_many :users
field :title, type: String
field :body, type: String
field :private, type: Boolean, default: false
scope :visible_to, ->(user) {
user.present? || user.blank? ?
where(:private => false) : where(:private => false).or(:id => user.wiki_ids)
}
def public?
!self.private?
end
end
WikisController:
def index
##wikis = policy_scope(Wiki)
##wikis = Wiki.all
#wikis = Wiki.visible_to(current_user)
authorize #wikis
end
def show
#wiki = Wiki.find(params[:id])
end
def new
#wiki = Wiki.new
authorize #wiki
end
def create
#wiki = current_user.wikis.build(params.require(:wiki).permit(:title, :body, :private, :user))
authorize #wiki
if #wiki.save
flash[:notice] = "Wiki was saved."
redirect_to #wiki
# report success
else
flash[:error] = "There was an error saving your wiki. Please try again."
render :new
end
I'm pretty confident its the scope that needs to be modified in the model, because if i comment out the scope in the model and replace the index in the controler to Wiki.all. I see all the wikis.
As of right now as somebody who created the wiki plus flagged it private and I am logged in I do not see that wiki nor does anybody that I add as a user to the wiki.
I tried adding other conditions to the end such as user.present? ? where(:id => user.wiki_ids) and user.present? && where(:id => user.wiki_ids) but just get errors thrown back at me.
DB entry for User:
User_id: 547eb8867261691268000000, wiki_ids: [BSON::ObjectId('54807226726 1690be0260000'),
BSON::ObjectId('5480735c7261690bae000000'), BSON::ObjectId('548
136e57261690aef000000'), BSON::ObjectId('5489af337261690d95000000'),
BSON::Objec tId('5489b57e7261690d95010000'),
BSON::ObjectId('548f9f607261690bb5060000'), BSO
N::ObjectId('54908f127261690be8000000'),
BSON::ObjectId('54908f207261690be801000 0')], name: "Carey VonRueden",
email: "admin#email.com", encrypted_password: "$2a
$10$NrlQ2XH64UucOPcI1aje9.57eoSO74676264YrIjfGvncyGcpGWy",
reset_password_token : nil, reset_password_sent_at: nil,
remember_created_at: nil, sign_in_count: 7, current_sign_in_at:
2014-12-17 18:51:15 UTC, last_sign_in_at: 2014-12-16 02:38:5 8 UTC,
current_sign_in_ip: "10.0.2.2", last_sign_in_ip: "10.0.2.2",
confirmation
_token: nil, confirmed_at: 2014-12-03 07:15:18 UTC, confirmation_sent_at: nil, u nconfirmed_email: nil, role: "admin">
DB entry for Wiki:
Wiki _id: 54908f207261690be8010000, created_at: 2014-12-16 19:59:28 UTC, updated_at: 2014-12-16 19:59:28 UTC, user_ids:
[BSON::ObjectId('547eb886726169126 8000000')], title: "Private", body:
"Private", private: true>
your scope condition is wrong
user.present? || user.blank? -> this will be true always. if user is present or user is blank, it will always return only the public wikis
Change your scope to something like below.(assuming you want all public wiki's if user is not signed in. If user is signed in, you want public + the wikis created by user)
scope :visible_to, ->(user) {
user.nil? ? where(:private => false) : where(:private => false).or(:id => user.wiki_ids)
}
If you are still not getting what you are expecting, check if user.wiki_ids is returning the right values
Related
I'm writing a simple Rails api that connects to a legacy SQL Server database. I am testing my REST actions for my contacts controller. When using FactoryGirl to create test objects, I ran into the error message mentioned in the title. My index and show actions work fine, but the create action is throwing this error. The relevant parts of my contacts_controller look like this:
def create
contact = Contact.new(contact_params)
if contact.save
render json: contact, status: 201, location: [:api, contact]
else
render json: { errors: contact.errors }, status: 422
end
end
...
private
def contact_params
params.require(:contact).permit(:name, :address_1, :city, :zip_code_5, :country)
end
And here is the relevant test code:
describe "POST #create" do
context "when is successfully created" do
before(:each) do
#user = FactoryGirl.create :user
#contact = FactoryGirl.create :contact
post :create, { contact: #contact }
end
it "renders the json representation for the contact record just created" do
contact_response = json_response
expect(contact_response[:name]).to eq #contact_attributes[:name]
end
it { should respond_with 201 }
end
end
The model:
class Contact < ActiveRecord::Base
belongs_to :user
validates :name, :address_1, :city, :zip_code_5, :country, :createddate, presence: true
end
The serializer (using the active_model_serializer gem):
class ContactSerializer < ActiveModel::Serializer
belongs_to :user
attributes :id, :name, :address_1, :city, :zip_code_5, :country
end
Things I've tried include:
Changing the 'belongs_to' to 'has_one' in the serializer (no change)
Removing the 'zip_code_5' from the permite...require line (strangely, I still got the error message about this property, perhaps because of the serializer?)
Removing the serializer (no change)
Any thoughts? I'm happy to provide any more necessary information.
EDIT
The value of #contact when it's passed to the create action:
#<Contact id: 89815, user_id: "d67b0d57-8f7f-4854-95b5-f07105741fa8", title: nil, firstname: nil, lastname: nil, name: "Alene Stark", company: nil, address_1: "72885 Bauch Island", address_2: nil, address_3: nil, city: "Joestad", state: nil, zip_code_5: "98117", zip_code_4: nil, country: "MF", status_id: 1, createddate: "2015-10-23 07:00:00", lastmodifieddate: "2012-11-29 08:00:00", errorreasonid: nil, computergenerated: true, sandbox: true, emailsubject: nil, jobtitle: nil, mergevar1: nil, mergevar2: nil, mergevar3: nil, mergevar4: nil, mergevar5: nil, mergevar6: nil, mergevar7: nil, mergevar8: nil, mergevar9: nil, mergevar10: nil, clientid: 1, isshared: true>
The value of params[:contact] at runtime:
{"city"=>"Seattle", "state"=>"WA", "zip_code_5"=>"98117", "country"=>"US"}
I also have my wrap parameters set to :json format, if that's relevant.
I used the console to recreate what my test was doing. I discovered that Contact was being passed as a string, instead of a hash. After a little Googling, I passed the #contact object as #contact.attributes, which passes a hash of the object. This solved the 'permit' problem, thanks for pointing me in the right direction.
I have a date field that is not a required field. I am using Chronic to format the user input string to a valid rails format for a date field. If Chronic is unable to parse the date, I would like to raise an error, rendering the edit view with the respective error message and the originally input value. Currently the update is successful if an invalid date is entered but nothing is updated for the service_date field.
new.html.erb
<%= f.text_field :service_date_text %>
bill.rb
require 'chronic'
class Bill < ActiveRecord::Base
def service_date_text
service_date.try(:strftime, "%m/%d/%Y")
end
def service_date_text=(date)
if date.present?
if Chronic.parse(date)
self.service_date = Chronic.parse(date)
else
self.errors.add(:service_date_text, "invalid date format hello.")
end
else
self.service_date = ''
end
end
end
bills_controller.rb
def update
#bill = current_account.bills.find(params[:id])
if #bill.update_attributes(bill_params)
redirect_to #bill, notice: 'Bill has been successfully updated.'
else
render :edit
end
end
private
def bill_params
params.require(:bill).permit(:description, :notes, :po_number, :service_date_text)
end
errors is cleared whenever you run valid?, which update_attributes does.
Example:
irb(main):001:0> album = Album.new
=> #<Album id: nil, name: nil, release_date: nil, rating: nil, genre_id: nil,
artist_id: nil, created_at: nil, updated_at: nil>
irb(main):004:0> album.errors.add :artist, "You've selected Justin Bieber (!!!)"
=> ["You've selected Justin Bieber (!!!)"]
irb(main):006:0> album.errors.messages
=> {:artist=>["You've selected Justin Bieber (!!!)"]}
irb(main):007:0> album.valid?
=> true
irb(main):008:0> album.errors.messages
=> {}
Don't abuse setters, use proper validations. For example (not tested):
require 'chronic'
class Bill < ActiveRecord::Base
validate :service_date_validation
def service_date_text
service_date.try(:strftime, "%m/%d/%Y")
end
def service_date_text=(date)
if date.present?
if Chronic.parse(date)
self.service_date = Chronic.parse(date)
else
self.service_date = false
end
else
self.service_date = ''
end
end
private
def service_date_validation
if self.service_date == false
self.errors.add(:service_date_text, "invalid date format hello.")
end
end
end
... There are also some gems which provide date validations, such as:
https://rubygems.org/gems/validates_timeliness
https://rubygems.org/gems/date_validator
https://rubygems.org/gems/rails_validations (disclaimer: I am the author)
... as well as some others...
I'll bet the issue is that Rails doesn't expect setter methods to add errors. I would make service_date_text just an attr_accessor and then call a validate method which sets service_date or adds an error.
attr_accessor :service_date_text
validate :service_date_text_format
private
def service_date_text_format
return unless service_date_text # or self.service_date ||= '' and then return
if date = Chronic.parse(date)
self.service_date = date
else
errors.add(:service_date, 'invalid format')
end
end
I use this logic in my app:
controller
#current_user = User.find_or_create_from_oauth(auth_hash)
user.rb
def self.find_or_create_from_oauth(auth_hash)
provider = auth_hash["provider"]
uid = auth_hash["uid"].to_s
case provider
when 'twitter'
if user = self.find_by_twitter_uid(uid)
return user
else
return self.create_user_from_twitter(auth_hash)
end
end
end
def self.create_user_from_twitter(auth_hash)
a = self.create({
:twitter_uid => auth_hash["uid"],
:name => auth_hash["info"]["name"]
})
puts a.inspect
user = User.find_by_twitter_uid(a.twitter_uid)
puts '---'
puts user.inspect
end
Immediately after self.create I would need to run this line:
Assignment.create(:user_id => a.id, :role_id => 2)
The problem is, that the line puts user.inspect return something like this:
#<User id: nil, name: "...name...", twitter_uid: "96580821", provider: "twitter", created_at: nil, updated_at: nil>
Why is in the hash returned id: nil?
Or, is there any other way, how to get the ID of last created record?
If the user has been correctly saved, you can use directly a:
a.assignments.create(:role_id => 2)
Otherwise (check using create! instead of create) there may be a validation error.
My Controller (User Controller)
def reset_password
#user = User.find_by_reset_code(params[:reset_code]) unless params[:reset_code].nil?
if request.post?
if #user && #user.update_attributes(:password => params[:user][:password], :password_confirmation => params[:user][:password_confirmation])
self.current_user = #user
#user.delete_reset_code
flash[:success] = t('helpers.password_reset_successful')
render :template => "sessions/new"
else
flash[:error] = t('helpers.password_reset_error')
redirect_to root_path
end
end
end
I would like test it and I do...
it "POST 'reset password with reset code page'" do
#user.reset_code = Digest::SHA1.hexdigest( Time.now.to_s.split(//).sort_by {rand}.join )
User.should_receive(:find_by_reset_code).with(#user.reset_code)
post :reset_password, :user => {"id" => #user.id}
end
But I've exception in Rspec -
Failure/Error: User.should_receive(:find_by_reset_code).with(#user.reset_code)
(<User(id: integer, name: string, email: string, encrypted_password: string, salt: string, created_at: datetime, updated_at: datetime, admin: boolean, reset_code: string) (class)>).find_by_reset_code("acd8a322d9554fbde375f5c39446276188a41678")
expected: 1 time
received: 0 times
What's wrong?
There is no reset_code param in your request.
Replace with:
post :reset_password, :reset_code => #user.reset_code
And you'd rather do:
User.should_receive(:find_by_reset_code).with(#user.reset_code).and_return #user
I have this method
def last_board
user = current_user #current_user
boards = current_user.boards #return every boards that belongs to current_user e.g. [#<Board _id: 4f2968ac1d41c81c7c000063, _type: "Board", created_at...]
followers = user.all_followers #return every followers of user [#<User _id: 4f2862b21d41c847e200005b, _type: "User" reset_password_sent_at: nil, confirmation_token: nil,...]
followers.each do |follower|
boards.each do |board|
# I want to be a follower of user, if I am following at least one board of this user
#I want run this code, "follower.unfollow(user)", only if follower does not following any user's board.
#this method "follower.follower_of?(board)" return true or false if follower follow board
end
end
you can something like this
followers.each do |follower|
is_having_any_board = false
follower.boards.each do |follower_board|
boards.each do |board|
if(follower_board.id == board.id)#delete last )
is_having_any_board = true
break;
end
end
end
if(is_having_any_board)
follower.follow(user)
else
follower.unfollow(user)
end
end