I'm trying to limit access to a certain attribute when updating.
An admin is allowed to update all of a Need anytime they want, except they can only update the Need's is_public bool only if need_state is in_progress.
CanCan doesn't allow a way to limit the update action based on specific attributes that are being set... so I thought they only way to accomplish this was to make a special method called set_is_public.
I've got my form calling to it and it's sending the following params:
{"utf8"=>"✓",
"authenticity_token"=>"2u9AZ7AJDYQrXm3LubMAxlxhjbsQ14myUTyOSyvoKzk=",
"need"=>{"id"=>"5",
"is_public"=>"true"},
"commit"=>"Set as Public"}
How do you go about updating that need in the action in the controller?
I can't figure out how to read those params in and:
Find the need based on the id;
Update its is_public attribute to the value of the is_public param.
The params you posted show a nested hashed, so you should just need to do something like :
the_need = Need.find( params["need"]["id"] )
the_need.is_public = params["need"]["is_public"]
the_need.save
I hope that helps!
Edited to add : you may need to deal with parameter restrictions, depending on your version of Rails, one technique is a before filter that does :
params.require(:need).permit(:id, :is_public)
Please clarify your question if this is not helping
Related
I've seen strong parameters used for write HTTP verbs,
for example in rails
User.new( params.require(:user).permit(:name) )
but usually you wont see this kind of param whitelisting for HTTTP GET, why? i imagine it must be because of writes are more sensitive, but can't think of specific explanation.
Strong parameters were added to make sure that no model attributes would be updated which you did not specifically allow. If a user is able to change his/her website URL, you probably don't want him/her to change the role_id attribute, which would be trivial if you did not sanitize the input.
GET requests are typically not used to create or update models.
I'm new to Rails and Android, so please don't blame me if the question was answered before somewhere, but after searching for an answer I did't find anything.
Question: How do I assure that Rails creates or updates the field IP which should also be unique in the database. I sent a HTTP POST from Android device to "http://192.168.5.3:3000/users/create?user[user_ip]="+myIp+"user[user_name]="+name
So on the Rails' server side, Rails should check if myIp already exists and if so, it should update the "user_name" to "name", and if it won't find myIp, it should create a new record with both fields.
Should I use before_create in the user.rb model? Or how do I do that? Should I use POST or PUT? If I should use PUT, then I don't know the id if the user exists.
Or shouldn't I use the Rails action "create" at all and write a custom Webservice method?
Sorry for such maybe lame question but somehow I can't figure it out!
Thanks for help in advance!
You want to use PUT for update and POST for create. If you know the user exists, but you don't have the id, you would use a PUT request, and in the update method, you would have something like this:
def update
#user = User.find_by_ip(params[:ip])
if #user.update_attributes(...)
#success
else
#failure
end
end
Again, the ideal method would be to pass the id into the update, but if you are unable to do that, you don't want to sacrifice RESTful conventions.
I am trying to create some search function.
I do want users to be able to check checkboxes.
When the form submitted the ID of the companies should be send as params to a given URL.
In my controller i need to create some search action, I just dont know how to params are gonna be.
def search
#companyies = Company.find(find all the companies that match the params)'
end
How should I create the checkbox loop?
How should I create the search action?
Regarding the use of check boxes, this might be of some help to you.
A Railscast by Ryan Bates
Instead of rolling your own search system, you may have better luck using something like searchlogic that does most of this for you.
Is "action" as a input field name forbidden? Because everything works except the assignment of the "action" param.
because action, controller are prohibited words.
Look around debug params
--- !map:ActiveSupport::HashWithIndifferentAccess
action: index
controller: main
so you can't use those params. Because they will be REWRITED AUTOMATICALLY
I would suggest NOT using words like action, name, method as field names as they are all attributes of the form tag and are likely to get confused when the form is posted
I agree with jbeynon, I would also say anything that has to do with CRUD(Create, Read, Update, Delete) is protected also.
I don't see why this would be invalid. You'd want to avoid conflicting with existing class or method names (e.g. not a good idea to define a method called action on a controller).
everything works except the assignment
of the "action" param.
Does this generate an error? If so, what exactly?
I am attempting to use the validate decorator in Pylons with FormEncode and I have encountered an issue. I am attempting to validate a form on a controller action that requires parameters, and if the validation fails, the parameters aren't passed back in when the form is re-rendered. Here's an example.
def question_set(self, id):
c.question_set = meta.Session.query(QuestionSet).filter_by(id=id).first()
c.question_subjects = meta.Session.query(QuestionSubject).order_by(QuestionSubject.name).all()
return render('/derived/admin/question_set.mako')
This is the controller action that contains my form. The form will add questions to an existing question set, which is identified by id. My add question controller action looks like this:
#validate(schema=QuestionForm(), form='question_set', post_only=True)
def add_question(self):
stuff...
Now, if the validation fails FormEncode attempts to redisplay the question_set form, but it does not pass the id parameter back in, so the question set form will not render. Is it possible to pass the id back in with the #validate decorator, or do I need to use a different method to achieve what I am attempting to do?
I think the problem is that add_question() doesn't receive id argument. Try to set up your routing so that add_question() receives it not only in POST vars but also as argument and see if it fixes the issue.
I had a similar issue. I adjusted my route to include the id and it worked.