So I'm working on the registration aspect of the site currently. I have a main sign up which is just full name, email and password. (aka new.html.erb)
After you fill in that information I direct you to a new site (setup.html.erb) and ask for more info like city, country etc.
On that you also have the edit profile account.
I am trying to make my app more secure and adding restrictions and presence etc in the model. However how can I limit them.
Currently if I do
validates :email, presence: true,
and I go to a form that doesn't even contain the email for nor permits it I get an error up that I need to add an email.
Also how do I fix this: I make presence true, I input require in html5. But still if I go to my source code and just remove the form and push submit it saves and I can bypass adding info.
Currently if I do validates :email, presence: true,
and I go to a form that doesn't even contain the email for nor permits it I get an error up that I need to add an email.
Fix:
what you need is a conditional validation. If we look at rail guides it says
Sometimes it will make sense to validate an object only when a given predicate is satisfied. You can do that by using the :if and :unless options, which can take a symbol, a string, a Proc or an Array.
So in your model you could do something like:
class Order < ActiveRecord::Base
validates :email, presence: true, if: :need_to_validate?
def need_to_validate?
#your condition to check whether you want email validation or not
end
end
Update:
You can use params[:action] and params[:controller] smartly to check in which action and controller(hence which view) you currently are in so your method would be:
def need_to_validate?
params[:action] == your_view_action && params[:controller] == your_controller_name #your condition to check whether you want email validation or not
end
Related
I have a Rails 3.2.18 app where I'm trying to do some conditional validation on a model.
In the call model there are two fields :location_id (which is an association to a list of pre-defined locations) and :location_other (which is a text field where someone could type in a string or in this case an address).
What I want to be able to do is use validations when creating a call to where either the :location_id or :location_other is validated to be present.
I've read through the Rails validations guide and am a little confused. Was hoping someone could shed some light on how to do this easily with a conditional.
I believe this is what you're looking for:
class Call < ActiveRecord::Base
validate :location_id_or_other
def location_id_or_other
if location_id.blank? && location_other.blank?
errors.add(:location_other, 'needs to be present if location_id is not present')
end
end
end
location_id_or_other is a custom validation method that checks if location_id and location_other are blank. If they both are, then it adds a validation error. If the presence of location_id and location_other is an exclusive or, i.e. only one of the two can be present, not either, and not both, then you can make the following change to the if block in the method.
if location_id.blank? == location_other.blank?
errors.add(:location_other, "must be present if location_id isn't, but can't be present if location_id is")
end
Alternate Solution
class Call < ActiveRecord::Base
validates :location_id, presence: true, unless: :location_other
validates :location_other, presence: true, unless: :location_id
end
This solution (only) works if the presence of location_id and location_other is an exclusive or.
Check out the Rails Validation Guide for more information.
I have two separate forms for a profile picture and the rest of the profile information. Both forms, however, correspond to the profile model. For several of the profile attributes, I have validations like:
validates :title, presence: true
validates :zip_code, presence: true
The problem is that the validations are checked when someone tried to upload an image, which I don't want. That being said, I also have an image validator, so I don't want to avoid validation completely, just certain ones. I was thinking of trying to access the params hash in the model, but I can't figure out how and I'm pretty certain its a bad idea anyway. How can I make the right validation conditions? I already tried this:
validates :title, presence: true, :unless => :picture_exists?
def picture_exists?
if self.pic
puts 'yo pic exist'
return true
else
puts 'yo no pic'
return false
end
end
but it does not work because it checks whether or not the profile has a picture, not whether the params have a picture. So if someone had already saved a picture, they would be able to bypass the validations which I don't want. I want the validations to be bypassed when they are not using the picture submit form.
You can approach the issue in several ways:
1.- Skip all validations in your controller action (and validate manually, I guess)
save(validate: false) (source)
2.- Use a condition that you set manually before saving like this.
3.- Use a custom validation that stops all other validations from triggering if passes.
Maybe you can come up with more.
PS: Why would you expect your user to bypass the other validations before setting the profile picture?
GL & HF
I have a user object, he can update his profile which includes name, user_name, password (blank), password_confirmation (blank), email, email_confirmation (blank), bio and picture url.
My model states that all of the (blank) MUST be filled in. but if your admin and your just going to the users page to update the user's role - You as the admin should not have to fill in user data you obviously don't know.
So how does one get around this? should I instead create a list of users with a drop down beside them? is this not, essentially , a giant form? If so - how would this get created?
essentially: What's the best way to deal with this situation?
This is currently how users get updated
def update
#user = User.friendly.find(params[:id])
#user.update_attributes(user_update_params)
if #user.save
render :show
else
render :edit
end
end
private
def user_update_params
params.require(:user).permit(:name, :user_name, :email, :email_confirmation, :password,
:password_confirmation, :bio, :picture_url, :role)
end
The real problem seems to be that you have a logical error in your User model validations.
You seem to have a validation of the form,
validates :password, presence: true, confirmation: true
which is enforced EVERY TIME, i.e. a new password has to be selected every single time a user object is saved. But this is likely not what you want. You likely want this validation to only be enforced when the user is created for the first time, i.e. when it is a new record.
You can do this with,
validates :password, presence: true, confirmation: true, if: :new_record?
update_attribute
Updates the attribute without doing validations, you need this one.
check out this api doc
EDIT:
Speaking about reading documentation
Here is an abstract from the method documentation
update_attribute(name, value) public
Updates a single attribute and saves the record. This is especially
useful for boolean flags on existing records. Also note that
Validation is skipped.
Callbacks are invoked.
updated_at/updated_on column is updated if that column is available.
Updates all the attributes that are dirty in this object.
EDIT:
If you still need to validate with this method, note that it says that callbacks are invoked, so what you can do is write your own code to validate input and use callbacks as described here.
I am a rails newbie and I have started hacking together a web app.
I used devise to set up user registrations and also generated the devise views templates.
I added custom models in there - username, first name, surname etc. I then added them in the attr_accessor in user.rb etc. and validates for the presence of these details
I thought of adding these elements in the edit registration form which worked successfully.
On the signup page - the code asks only for email, password, confirm password (as is set as default by devise).
If i now try and register as a new user (after all these steps), i get an error saying that First name cannot be empty, surname cannot be empty etc.
How can i exclude these from the sign up yet keep them active in the user profile edit?
I hope I'm making sense.thanks for your help in advance
If I understand correctly, during signup/registration you want to only ask for email and password, excluding the other User model attributes (first name, surname) from that form. However you also want to later have these other attributes validated when the user edits their profile.
So since you are validating for the presence of these extra attributes which are not provided when the signup form is submitted, the attempt to create a new user record simply fails to create at validation.
Try the :on => :update validation option to specify that certain fields should only be validated when later updated, rather than the default which is to validate any time a record is saved. Like this:
class User < ActiveRecord::Base
validates :email, :presence => true
validates :firstname, :presence => true, :on => :update
validates :surname, :presence => true, :on => :update
...
end
See http://guides.rubyonrails.org/active_record_validations_callbacks.html#on
you can go into your views > devise folder and create a registrations folder if its not there and make a new.html.erb
have a look at the file that you find under the link:
https://github.com/plataformatec/devise/blob/master/app/views/devise/registrations/new.html.erb
copy it to your new file and customize it as you want... it should overwrite the devise default view.
I've got a User model with three fields, :email, :display_name and :handle. Handle is created behind the scenes from the :display_name.
I'm using the following validations:
validates :display_name, :presence => :true, :uniqueness => { :message => "Sorry, another user has already chosen that name."}, :on => :update
validates :email, :presence => :true, :uniqueness => { :message => "An account with that email already exists." }
I use the handle as the to_param in the model. If the user fails the validation by submitting a :display_name that already exists, then tries to change it and resubmit the form, Rails seems to use the new handle as the validation for the email -- in other words, it assumes that the email doesn't belong to the current user and validation on the email then fails. At this point, Rails assumes that the changed display name/handle is the one to use for the look up and the update action can't complete at all, because it can't find the user based on the new handle.
Here's the update method:
def update
#user = User.find_by_handle(params[:id])
#handle = params[:user][:display_name]
#user.handle = #handle.parameterize
...
end
This problem doesn't happen when the validation first fails on a duplicate email, so I'm assuming it's something about the way I've written the update method -- maybe I should try setting the handle in the model?
maybe I should try setting the handle in the model?
^ This.
The controller isn't the place to do something like this. If it's model logic that's happening behind the scenes, beyond the user's control, why put it in controller code?
Do it instead in a before_save filter, which is guaranteed to run only after the chosen display name is determined to be available and the record is deemed valid. In this way the handle won't be changed on the cached record until it is actually committed to the db, eliminating the problem of the incorrectly generated URL.
before_save :generate_handle
...
def generate_handle
self.handle = display_name.parameterize
end