I decided after creating a User model through Devise to add a column for a username. I realized that I'd need to make it accessible so that the database would update correctly when a user submits the new user form. I then realized that since this is Rails 4 I have to do that through the controller, and Devise doesn't make a controller for my User model available. So I followed the instructions at the Devise page and created my own custom controller and changed the route to use it. Here is my custom controller, which I placed in apps/controllers/users:
class Users::RegistrationsController < Devise::RegistrationsController
def new
super
end
def create
super
end
def edit
super
end
private
def user_params
params.require(:user).permit(:username, :email, :password, :password_confirmation)
end
end
I then modified routes.db with:
devise_for :users, :controllers => { :registrations => "users/registrations" }.
My form looks like this:
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => {:class => 'form-horizontal'}) do |f| %>
<%= devise_error_messages! %>
<div class="control-group">
<div class="control-label">
<%= f.label :username %>
</div>
<div class="controls">
<%= f.text_field :username %>
</div>
</div>
<div class="control-group">
<div class="control-label">
<%= f.label :email %>
</div>
<div class="controls">
<%= f.email_field :email, :autofocus => true %>
</div>
</div>
<div class="control-group">
<div class="control-label">
<%= f.label :password %>
</div>
<div class="controls">
<%= f.password_field :password %>
</div>
</div>
<div class="control-group">
<div class="control-label">
<%= f.label :password_confirmation %>
</div>
<div class="controls">
<%= f.password_field :password_confirmation %>
</div>
</div>
<div class="control-group">
<div class="controls">
<%= f.submit "Sign up" %>
</div>
</div>
<div class="control-group">
<div class="controls">
Already have an account? <%= render "devise/shared/links" %>
</div>
</div>
<% end %>
I copied the /devise/registrations' views to/users/registrations` per the instructions at the Devise page.
I'm not getting any errors but for whatever reason when I test the form it writes everything to the database except the username. I can go into the rails console and create users with usernames but it just won't happen with the form. My goal is to get the following line of code in application.html.erb to work:
Logged in as <%= current_user.username %>
But it never works and the failure is reflected in the console, which keeps showing the username as "nil."
Anyone know what I'm doing wrong? Where is the mistake?? I ran into a similar problem with my Post model with certain things not updating but I was able to fix it by changing which attributes were accessible in PostController. Thanks for any help!
Looking at the registration controller of devise, it looks like it is not using user_params. Try changing user_params to sign_up_params.
Related
I have a model for Organisation like
class Organisation
include ActiveModel::Model
attr_accessor :orguid,
:title, :firstname, :lastname, :role, :telephone, :extension, :email,
:name, :branch, :address1, :address2, :address3, :city, :state, :country, :zip
end
In my controller I have the following actions:
# frozen_string_literal: true
require 'cgi'
require 'json'
class OrganisationsController < ApplicationController
include Secured
before_action :set_api, only: %i[dashboard create]
before_action :user_info, only: %i[dashboard register]
def dashboard
#registration = #api.registered?
end
def register
#organisation = Organisation.new
end
def create
organisation_params
register_data = params[:organisation].to_h
register_data['oruid'] = org_uid
#api.register(register_data)
end
private
def set_api
#api = CoreApi.new(org_uid)
end
def user_info
#user_info = session[:userinfo].to_h
end
def org_uid
CGI.escape(user_info['uid'])
end
def organisation_params
params.require(:organisation).permit!
end
end
in my register.html.erb I have:
<h1> Register Your Organisation</h1>
<%= form_with model: #organisation, url: org_register_path do |f| %>
<div class="container">
<h2>Your Details</h2>
<div class="form-row">
<div class="form-group col-md-2">
<%= f.label :title %>
<%= f.text_field :title, class: 'form-control' %>
</div>
<div class="form-group col-md-5">
<%= f.label :first_name %>
<%= f.text_field :firstname, class: 'form-control' %>
</div>
<div class="form-group col-md-5">
<%= f.label :last_name %>
<%= f.text_field :lastname, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-12">
<%= f.label :role %>
<%= f.text_field :role, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-4">
<%= f.label :telephone %>
<%= f.telephone_field :telephone, class: 'form-control' %>
</div>
<div class="form-group col-md-2">
<%= f.label :extension %>
<%= f.text_field :extension, class: 'form-control' %>
</div>
<div class="form-group col-md-6">
<%= f.label :email %>
<%= f.email_field :email, class: 'form-control', readonly:'', value: #user_info['info']['name'] %>
</div>
</div>
</div>
<div class="container">
<h2>Organisation Details</h2>
<div class="form-row">
<div class="form-group col-md-6">
<%= f.label :name %>
<%= f.text_field :name, class: 'form-control' %>
</div>
<div class="form-group col-md-6">
<%= f.label :branch %>
<%= f.text_field :branch, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-12">
<%= f.label :address_line_1 %>
<%= f.text_field :address1, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-12">
<%= f.label :address_line_2 %>
<%= f.text_field :address2, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-12">
<%= f.label :address_line_3 %>
<%= f.text_field :address3, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-4">
<%= f.label :city %>
<%= f.text_field :city, class: 'form-control' %>
</div>
<div class="form-group col-md-4">
<%= f.label :state %>
<%= f.text_field :state, class: 'form-control' %>
</div>
<div class="form-group col-md-4">
<%= f.label :country %>
<%= f.text_field :country, class: 'form-control' %>
</div>
</div>
<div class="form-row">
<div class="form-group col-md-2">
<%= f.label :zip %>
<%= f.text_field :zip, class: 'form-control' %>
</div>
</div>
</div>
<div class="container">
<div class="form-row">
<div class="form-group col-md-12">
<%= f.button :Register, class: 'btn btn-primary' %>
</div>
</div>
</div>
<% end %>
and finally the register method in my core_api.rb is this:
def register(data)
body = data.to_json
puts ">> >> >> >> #{body.class} :: #{body}"
options = { headers: { 'Content-Type' => 'application/json' }, body: body }
response = self.class.post('/organisations', options)
#puts ">>>>>>>>>>>> #{response}"
end
and finally my routes.rb file contains:
Rails.application.routes.draw do
get '/' => 'home#show'
get '/auth/auth0/callback' => 'auth0#callback'
get '/auth/failure' => 'auth0#failure'
get '/logout', to: 'logout#logout', as: 'logout'
get '/organisations/dashboard', to: 'organisations#dashboard', as: 'org_dashboard'
get '/organisations/register', to: 'organisations#register', as: 'org_register'
post '/organisations/register', to: 'organisations#create'
root 'home#show'
end
now when I run the server and submit the form in the logs I get:
>> >> >> >> String :: {"title":"","firstname":"","lastname":"","role":"","telephone":"","extension":"","email":"alijy3#yahoo.com","name":"we","branch":"we","address1":"we","address2":"","address3":"","city":"we","state":"","country":"we","zip":"","oruid":"auth0%7C5e5388493d670c11be833bca","contact_id":0}
which to me looks like a proper json. But, since the api response was continually unsuccessful I intercepted the outgoing post with Postman to see what payload is being sent. To my surprise the payload is not flat json, but comes out like this:
I have 2 problems with this:
The api accepts items like address1, address2, city, etc. I believe I should send those rather than the currently showing organisation[address1], organisation[address2], etc.
The second problem is that I add the orguid after the form is submitted and before calling/posting to the api. But, although I can see it in the log messages, I don't see the orguid in the postman payload in any form.
I don't have any database on the server. Everything is fetch/posted/saved through the api. I've been reading about how to work with Activemodel and forms for a while and I haven't managed to get this resolved yet. Any help or explanation would be much appreciated.
No offense but this is a train wreck. You don't need to break every rails convention just because you're not using ActiveRecord in this specific case.
Start off by using ActiveModel::Attributes#attribute instead of Ruby's built in attr_accessor.
class Organisation
include ActiveModel::Model
include ActiveModel::Attributes
[:orguid, :title, :firstname, :lastname, :role, :telephone,
:extension, :email, :name, :branch,
:address1, :address2, :address3, :city, :state, :country, :zip]
.each do |name|
attribute name
end
# #todo write validations!
end
This creates attributes that act like ActiveRecord attributes and you can serialize the model properly with #organization.as_json.
Then lets just start fresh on that controller as there is just too much smell for it to be worth salvaging.
# routes.rb
resources :organisations, only: [:new, :create]
class OganizationsController < ApplicationController
# GET /organizations/new
def new
#organization = Organization.new
end
# POST /organizations
def create
# You never manually parse out incoming params - thats Rack's job.
# also since you have a model - USE IT!
#organization = Organization.new(organization_params) do |o|
o.orguid = org_uid
end
# validate the user input before you send it to an external API
if #organization.valid? && #api.register(#organization)
redirect_to '/somewhere'
else
render :new
end
end
private
# use monads here instead of callbacks!
def user_info
# Rails will serialize/deserialize hashes automatically
# from the session
session[:userinfo]
end
def org_uid
# Have no clue what the heck you're doing with CGI escape.
#org_uid ||= user_info['uid']
end
def api
#api ||= CoreApi.new(org_uid)
end
def organization_params
# You don't have any reason to use 'permit!' and give
# yourself a potential mass assignment vunerablity
params.require(:organization)
.permit(
:title, :firstname, :lastname, :role, :telephone,
:extension, :email, :name, :branch,
:address1, :address2, :address3, :city,
:state, :country, :zip
)
end
end
Rename the view /organizations/new.html.rb. At this point you should be able to stub out the API and do an integration test with valid and invalid input.
That whole session[:userinfo] thing still smells really bad - if you are taking the response from OAuth and shoving it into the session your setting yourself up for a really bad time as that can cause cookie overflows. Also in general in Rails if you're ever manually casting/serializing then its a really good sign that your doing something very wrong.
Have no clue really whats going on in your CoreApi class but if you are using HTTParty you should not do ANY manual JSON encoding.
# #fixme name is way to generic.
class CoreApi
include HTTParty
format :json # sets content type and encodes the content
# ...
def register(organization)
response = self.class.post('/organisations', #organization.as_json)
if response.success?
true
else
#organization.errors.add(:base, 'Could not be registered')
false
end
end
end
My profile role is created and when the user logs in the profile controller's edit action view will be displayed. I want to show the role that is assigned to user in the edit action and the user cannot change the role. My edit.html.erb file is given as:
<div class="row">
<div class="col-md-6 offset-md-3">
<h3>Profile</h3>
<%= form_for(#profile) do |f| %>
<div class="form-group">
<%= f.label :first_name %><br />
<%= f.email_field :first_name, autofocus: true, class: "form-control"%>
</div>
<div class="form-group">
<%= f.label :last_name %><br />
<%= f.password_field :last_name, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :role %><br />
<%= f.select(:role, [['User', 'user'], ['Vip', 'vip'], ['Admin', 'admin']]) %>
</div>
<div class="actions form-group">
<%= f.submit "Submit", class: 'btn btn-primary' %>
</div>
<% end %>
</div>
The simplest possible way is just to use String#humanize from ActiveSupport.
Capitalizes the first word, turns underscores into spaces, and (by
default)strips a trailing '_id' if present. Like titleize, this is
meant for creating pretty output.
irb(main):008:0> roles.roles.keys.map(&:humanize)
=> ["User", "Vip", "Admin"]
irb(main):009:0> Profile.new(role: :admin).role.humanize
=> "Admin"
Profile.roles gives us the hash mapping for the Enum.
You can use this to generate the select tag with:
<%= form.select :role, Profile.roles.keys.map{|k| [k.humanize, k] } %>
You can get "vip".humanize to return "VIP" by setting up an inflection:
# config/initializers/inflections.rb
ActiveSupport::Inflector.inflections(:en) do |inflect|
inflect.acronym 'VIP'
end
This may require restarting your Rails server before it kicks in.
Using the I18n module
But if you want a more flexible solution that lets you set the mappings yourself (and works with translations) use the I18n module:
# config/locales/en.yml
en:
activerecord:
attributes:
profile:
roles:
user: 'User'
vip: 'Very Important Person'
admin: 'Admin'
# app/helpers/users_helper.rb
module UsersHelper
def translate_role(role)
I18n.t("activerecord.attributes.user.roles.#{ role }", default: role.humanize)
end
def role_options
Profile.roles.keys.map{|k| [translate_role(k), k] }
end
end
You would then display the users role by:
<%= translate_role(#user.role) %>
And you can setup the form input as:
<%= form.select :role, role_options %>
You can use a helper method, For example in the application_helper.rb you can make a method like this:
class ApplicationHelper
def profile_role(profile)
# Perform your logic
# if you are using as_enum gem for example
Profile.roles.select{|symbol_role,integer_rep| integer_rep == profile.role}.keys.first.to_s
# of course there could be much better way to get the string.
end
end
Then in your view, If user should not be able to change it, there is no need to make it as drop-down list:
<div class="row">
<div class="col-md-6 offset-md-3">
<h3>Profile</h3>
<%= form_for(#profile) do |f| %>
<div class="form-group">
<%= f.label :first_name %><br />
<%= f.email_field :first_name, autofocus: true, class: "form-control"%>
</div>
<div class="form-group">
<%= f.label :last_name %><br />
<%= f.password_field :last_name, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :role %><br />
<%= text_field_tag 'role', profile_role(#profile), disabled: true %>
</div>
<div class="actions form-group">
<%= f.submit "Submit", class: 'btn btn-primary' %>
</div>
<% end %>
You can just show it as regular text, e.g.:
...
<div class="form-group">
<%= f.label :last_name %><br />
<%= f.password_field :last_name, class: "form-control" %>
</div>
<p>
Role:<br />
<%= #profile.role %>
</div>
<div class="actions form-group">
<%= f.submit "Submit", class: 'btn btn-primary' %>
</div>
...
Let me preface this with I am a Java developer, but my team is developing an SSO microservice for our product in rails so I am learning as I go.
Currently I have it setup to send a confirmation of password reset when a user enters their email into this form:
<%= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f| %>
<%= devise_error_messages! %>
<div class="row">
<div class="medium-12 small-12">
<div class="field">
<%= f.label :email, class: 'field-label' %>
<%= f.email_field :email, autofocus: true %>
</div>
</div>
</div>
<div class="row">
<div class="actions columns medium-12 small-12">
<%= f.submit "Send", id: "send-button" %>
</div>
</div>
<div class="row text-center align-center">
<div class="small-8 small-centered columns">
<br><p id="form-subheading">* For security reasons, we do NOT store your password. We will NEVER send your password via email.</p>
</div>
</div>
<% end %>
And it successfully passes through the following function in the class Users::PasswordsController < Devise::PasswordsController
# POST /resource/password
def create
super
end
The problem is now we need to add the following first_name and last_name fields to the form, and authenticate it against the User model before sending form to their email, but it is ignoring those parameters entirely. Clearly I need a check somewhere, but have no idea where to begin.
<div class="row">
<div class="medium-5 small-12">
<div class="field">
<%= f.label :first_name, class: 'field-label' %>
<%= f.text_field :first_name %>
</div>
</div>
<div class="medium-6 medium-offset-1 small-12">
<div class="field">
<%= f.label :last_name, class: 'field-label' %>
<%= f.text_field :last_name %>
</div>
</div>
</div>
I know they get sent to the backend because the params[:user] variable contains the information if I put a byebug statement in the function. I am just unsure how to validate the new information in the form.
Any help on building custom fields for this form would be appreciated.
So of course, after looking for an hour I post to SO, and I immediately find what I need in the documentation.
Turns out I needed to:
# config/initializers/devise.rb
config.reset_password_keys = [:email]
and change it to
config.reset_password_keys = [:email, :first_name, :last_name]
In your user model you can validate those fields. Something like this:
validates :first_name, presence: true
validates :last_name, presence: true
After sending the form, in the model they are validated. If the first_name and/or last_name isn't filled in, it will return to the form. Read this for more information about rails validations
Also in your controller you have to accept the params (if you don't already).
def user_params
params.require(:user).permit(:first_name, :last_name)
end
In your user controller you probably already have the def user_params, just add the first_name and last_name to it.
after that you can access those params like you normally would. (ex: in the create function #user = User.new(user_params) and you'll have #user.first_name.)
I'm trying to build a small expense tracking app using Rails 4.1. When a user submits the expense request, it's state is marked as pending by default. The admin has to approve the request. I'm using state_machine gem to do this.
I just added comment functionality using acts_as_commentable gem, which works fine on its own. I wanted to combine the approval drop down and the comment box in the same form and used the following code in the expense show page:
<div class="row">
<div class="col-md-8">
<%= form_for [#expense, Comment.new] do |f| %>
<div class="form-group">
<%= f.label :state %><br />
<%= f.collection_select :state, #expense.state_transitions, :event, :human_to_name, :include_blank => #expense.human_state_name, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :comment %><br />
<%= f.text_area :comment, class: "form-control" %>
</div>
<%= f.submit "Submit", class: "btn btn-primary" %>
<% end %>
</div>
</div>
<br>
The problem is I get the "NoMethodError in Expenses#show - undefined method `state' for #". Is there a way I can update both the approval status and comment in one go?
The updated show page with nested attributes:
<div class="row">
<div class="col-md-8">
<%= nested_form_for (#expense) do |f| %>
<div class="form-group">
<%= f.label :state %><br />
<%= f.collection_select :state, #expense.state_transitions, :event, :human_to_name, :include_blank => #expense.human_state_name, class: "form-control" %>
</div>
<%= f.fields_for :comments do |comment| %>
<div class="form-group">
<%= comment.label :comment%>
<%= comment.text_area :comment, class: "form-control" %>
</div>
<% end %>
<%= f.submit "Submit", class: "btn btn-primary" %>
<% end %>
</div>
</div>
Nested attributes are your friend. They are so easy to implement I'd recommend avoiding acts_as_commentable to remove an unnecessary dependency and so you understand what's going on.
Use them like this:
# expense.rb
class Expense < ActiveRecord::Base
has_many :comments # << if polymorphic add `, as: :commentable`
accepts_nested_attributes_for :comments
end
# expenses_controller.rb
def new
#expense = Expense.new
#expense.comments.build
end
# expenses/new.html.haml
= form_for(#expense) do |f|
- # expense inputs...
= f.nested_fields_for(:comments) do |comment|
= comment.text_area(:body)
= f.submit
There are many options, so check the docs for more details (they're quite good).
I have a rails app using devise for registrations and rolify for roles. I would like to have an index page that has edit links for each of the users that can be accessed by an admin. This edit page should also work without having to use a password. Right now the edit_user_path goes to the edit page of the current user, which is not what i want.
What is the best way to implement this sort of sitation? i've read a few of the posts on here about this but none seem to give me what i want.
Please point me in the right direction!
EDITED
I'm attempting to do it this way, still running into "Current password can't be blank"
From Users_controller:
def update
#user = User.find(params[:id])
if params[:user][:password].blank?
params[:user].delete(:password)
params[:user].delete(:password_confirmation)
end
if #user.update_attributes(user_params)
redirect_to users_path, :notice => "User updated."
else
redirect_to users_path, :alert => "Unable to update user."
end
end
And in my views i have an edit.html.erb file that is rendering the following form:
<div class="panel-body">
<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
<%= devise_error_messages! %>
<div class="form-group">
<%= f.label :email %>
<%= f.email_field :email, class: "form-control", :autofocus => true %>
</div>
<div class="form-group">
<%= f.label :username %>
<%= f.text_field :username, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :firstname %>
<%= f.text_field :firstname, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :lastname %>
<%= f.text_field :lastname, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :city %>
<%= f.text_field :city, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :zip %>
<%= f.text_field :zip, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :state %>
<%= f.text_field :state, class: "form-control" %>
</div>
<div class="form-group">
<%= f.label :country %>
<%= f.text_field :country, class: "form-control" %>
</div>
<div class="form-group">
<%= f.submit "Update", class: "btn btn-primary" %>
</div>
<% end %>
</div>
and finally in my routes.rb file i have this line to render the edit page. I can get the edit page to show up but entering info and then hitting update just shoots me to /users with the error "Current Password can't be blank"
get 'pressroom/accounts/:id/edit' => 'users#edit', :as => :admin_edit_user
Devise doesn't come with any sort of Admin interface. If you are the only administrator and don't mind a little crudeness - there is always the console and/or scaffolding. You could create a UserController which inherits from ApplicationController and execute basic view, edit methods in the same controller. By placing the appropriate new.html.erb, edit.html.erb etc files in the User Views folder, adding/editing/deleting Users should work no differently as any other CRUD, as Devise's User is another model like any. Use a scaffold on the user and you could get what you are looking for.
There are also a lot of good gems that make setting up admin interfaces a cinch: https://github.com/gregbell/active_admin Active Admin, https://github.com/sferik/rails_admin Rails Admin and I'm sure there are a bunch more out there.
It looks like i got it working by adding:
<div class="panel-body">
<% #user = User.find(params[:id]) %>
<%= form_for(#user) do |f| %>
to the top of my _form.html.erb file
Thanks for the help everyone!
If the only thing you need is for the admin to EDIT an existing user, you can have the edit, show and update actions in a separate UsersController (and leave new and create actions up to devise). That way you can move that #user = User.find(params[:id] logic out of your form, into the controller, as #Saurabh Lodha mentioned.
I just thought one thing was missing from the answers though: Make sure to also edit your routes.rb. Use a path prefix so your routing doesn't get confusing, kind of like this:
devise_for :users, :path_prefix => 'my'
resources :users
this means that when you call edit on a current_user, it will go to my/users/edit, and when you call edit on any selected user from your user list in the admin panel, it will take you to users/user_id/edit.
I hope that clarified it a bit more! good luck! :)