I want anyone (even those not logged in) to be able to view the posts, but only the owner of the post to be able to edit or destroy the post. Currently, however, any user can edit or destroy any post. If I change
def set_pin
#pin = Pin.find(params[:id])
end
to
def set_pin
#pin = current_user.pins.find(params[:id])
end
the current user cannot edit other users' posts, but also cannot view them. Please help me out. Thanks.
class PinsController < ApplicationController
before_action :set_pin, only: [:show, :edit, :update, :destroy]
before_filter :authenticate_user!, except: [:index]
# GET /pins
# GET /pins.json
def index
#pins = Pin.all
end
# GET /pins/1
# GET /pins/1.json
def show
end
# GET /pins/new
def new
#pin = current_user.pins.new
end
# GET /pins/1/edit
def edit
end
# POST /pins
# POST /pins.json
def create
#pin = current_user.pins.new(pin_params)
respond_to do |format|
if #pin.save
format.html { redirect_to #pin, notice: 'Pin was successfully created.' }
format.json { render action: 'show', status: :created, location: #pin }
else
format.html { render action: 'new' }
format.json { render json: #pin.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /pins/1
# PATCH/PUT /pins/1.json
def update
respond_to do |format|
if #pin.update(pin_params)
format.html { redirect_to #pin, notice: 'Pin was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #pin.errors, status: :unprocessable_entity }
end
end
end
# DELETE /pins/1
# DELETE /pins/1.json
def destroy
#pin.destroy
respond_to do |format|
format.html { redirect_to pins_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_pin
#pin = Pin.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def pin_params
params.require(:pin).permit(:description)
end
end
for edit and destroy use
def set_pin
#pin = current_user.pins.find(params[:id])
end
Related
I've been trying to figure this one out but I'm becoming desperate because I don't see why this isn't working.
Whatever I try, no route is matching my link and I get the following error:
Routing Error: uninitialized constant LineItemsController
My link looks like this:
<%= button_to 'Add to template', line_items_path(template_id: #template, position_id: position) %>
So the link being created is:
http://localhost:3000/line_items?position_id=2&template_id=1
routes.rb:
Rails.application.routes.draw do
resources :line_items
resources :templates
resources :positions
line_item_controller.rb
class LineItemsController < ApplicationController
before_action :set_line_item, only: [:show, :edit, :update, :destroy]
# GET /line_items
# GET /line_items.json
def index
#line_items = LineItem.all
end
# GET /line_items/1
# GET /line_items/1.json
def show
end
# GET /line_items/new
def new
#line_item = LineItem.new
end
# GET /line_items/1/edit
def edit
end
# POST /line_items
# POST /line_items.json
def create
position = Position.find(params[:position_id])
template = Template.find(params[:template_id])
#line_item = LineItem.new(position, template)
respond_to do |format|
if #line_item.save
format.html { redirect_to template_url}
format.js {#current_item = #line_item}
format.json { render action: 'show',
status: :created, location: #line_item }
else
format.html { render action: 'new' }
format.json { render json: #line_item.errors,
status: :unprocessable_entity }
end
end
end
# PATCH/PUT /line_items/1
# PATCH/PUT /line_items/1.json
def update
respond_to do |format|
if #line_item.update(line_item_params)
format.html { redirect_to #line_item, notice: 'Line item was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #line_item.errors, status: :unprocessable_entity }
end
end
end
# DELETE /line_items/1
# DELETE /line_items/1.json
def destroy
#line_item.destroy
respond_to do |format|
format.html { redirect_to line_items_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_line_item
#line_item = LineItem.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
# def line_item_params
# params.require(:line_item).permit(:position_id, :template_id)
# end
#...
end
From my understanding, my link should send a POST request that should call the create action of the line_item controller, thereby matching the route POST /line_items(.:format) line_items#create
Thanks for the help guys!
I think the issue is the filename of your controller:
line_item_controller.rb should be line_items_controller.rb
I'm working on a project, and for the life of me, I'm not sure what's going on. My code was working earlier, now I'm getting
NoMethodError in MoviesController#upvote
When I try and vote on a certain movie, here is my "movie_controller.rb"
class MoviesController < ApplicationController
before_action :set_movie, only: [:show, :edit, :update, :destroy, :upvote, :downvote]
before_action :authenticate_user!
# GET /movies
# GET /movies.json
def index
#movies = Movie.all
end
# GET /movies/1
# GET /movies/1.json
def show
end
# GET /movies/new
def new
#movie = Movie.new
end
# GET /movies/1/edit
def edit
end
# POST /movies
# POST /movies.json
def create
#movie = Movie.new(movie_params)
respond_to do |format|
if #movie.save
format.html { redirect_to #movie, notice: 'Movie was successfully created.' }
format.json { render :show, status: :created, location: #movie }
else
format.html { render :new }
format.json { render json: #movie.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /movies/1
# PATCH/PUT /movies/1.json
def update
respond_to do |format|
if #movie.update(movie_params)
format.html { redirect_to #movie, notice: 'Movie was successfully updated.' }
format.json { render :show, status: :ok, location: #movie }
else
format.html { render :edit }
format.json { render json: #movie.errors, status: :unprocessable_entity }
end
end
end
# DELETE /movies/1
# DELETE /movies/1.json
def destroy
#movie.destroy
respond_to do |format|
format.html { redirect_to movies_url, notice: 'Movie was successfully destroyed.' }
format.json { head :no_content }
end
end
def upvote
#movie.upvote_from current_user
redirect_to movies_path
end
def downvote
#movie.downvote_from current_user
redirect_to movies_path
end
private
def set_movie
#movies = Movie.find(params[:movie_id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def movie_params
params.require(:movie).permit(:title, :image)
end
end
In particular it's saying there's a problem with is line:
private
def set_movie
#movies = Movie.find(params[:id])
end
I'll also attach my routes for good measure. Thank you guys.
Rails.application.routes.draw do
devise_for :users
root 'home#index'
resources :movies do
put "like", to: "movies#upvote"
put "unlike", to: "movies#downvote"
end
end
The problem is that you are setting a #movies variable instead of #movie. That's why you are getting a undefined method upvote_from' for nil:NilClass def upvote #movie.upvote_from
Change this part of the code
private
def set_movie
#movies = Movie.find(params[:id])
end
to this
private
def set_movie
#movie = Movie.find(params[:id])
end
Struggling to get the create working for my nested routes in the following controller:
class BooksController < ApplicationController
before_action :set_book, only: [:show, :edit, :update, :destroy]
before_filter :load_author
# GET /books
# GET /books.json
def index
#books = #author.books.all
end
# GET /books/1
# GET /books/1.json
def show
end
# GET /books/new
def new
#book = #author.books.new
end
# GET /books/1/edit
def edit
end
# POST /books
# POST /books.json
def create
#book = #auhtor.books.new(book_params)
respond_to do |format|
if #book.save
format.html { redirect_to [#parent, #child], notice: 'Book was successfully created.' }
format.json { render :show, status: :created, location: #book }
else
format.html { render :new }
format.json { render json: #book.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /books/1
# PATCH/PUT /books/1.json
def update
respond_to do |format|
if #book.update(book_params)
format.html { redirect_to #book, notice: 'Book was successfully updated.' }
format.json { render :show, status: :ok, location: #book }
else
format.html { render :edit }
format.json { render json: #book.errors, status: :unprocessable_entity }
end
end
end
# DELETE /books/1
# DELETE /books/1.json
def destroy
#book.destroy
respond_to do |format|
format.html { redirect_to books_url, notice: 'Book was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_book
#book = Book.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def book_params
params.require(:book).permit(:name, :author_id)
end
def load_author
#author = Author.find(params[:author_id])
end
end
I am getting the following error on line #29:
undefined method `books' for nil:NilClass
Any ideas? It correctly populates the author_id field in the create view but when i click save I get this error.
I'm sure you will laugh out loud after getting solution of the issue.
You have MIS-SPELLED instance object as #auhtor. It should be #author in first line of create action.
#book = #author.books.new(book_params)
Users can create guides only when they're logged in.
When I click on the 'New Guide' link, this is what Heroku's log puts out:
2013-12-30T20:28:37.826032+00:00 app[web.1]: ActiveRecord::UnknownAttributeError (unknown attribute: user_id):
GuidesController:
class GuidesController < ApplicationController
before_action :set_guide, only: [:show, :edit, :update, :destroy]
before_action :authenticate_user!, except: [:index, :show]
# GET /guides
# GET /guides.json
def index
if params[:tag]
#guides = Guide.tagged_with(params[:tag])
else
#guides = Guide.all
end
end
# GET /guides/1
# GET /guides/1.json
def show
end
# GET /guides/new
def new
#guide = current_user.guides.build(guide_params)
end
# GET /guides/1/edit
def edit
end
# POST /guides
# POST /guides.json
def create
#guide = current_user.guides.build(guide_params)
respond_to do |format|
if #guide.save
format.html { redirect_to #guide, notice: 'Guide was successfully created.' }
format.json { render action: 'show', status: :created, location: #guide }
else
format.html { render action: 'new' }
format.json { render json: #guide.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /guides/1
# PATCH/PUT /guides/1.json
def update
respond_to do |format|
if #guide.update(guide_params)
format.html { redirect_to #guide, notice: 'Guide was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #guide.errors, status: :unprocessable_entity }
end
end
end
# DELETE /guides/1
# DELETE /guides/1.json
def destroy
#guide.destroy
respond_to do |format|
format.html { redirect_to guides_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_guide
#guide = Guide.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def guide_params
params.require(:guide).permit(:title, :author, :description, :link, :tag_list) if params[:guide]
end
end
You have this in your new action
def new
#guide = current_user.guides.build(guide_params)
end
Why? The new action should just return the form to the browser to create a new guide. You repeat this in your create action, where it should be.
Also your index has this:
def index
if params[:tag]
#guides = Guide.tagged_with(params[:tag])
else
#guides = Guide.all
end
end
You should probably be using guide_params[:tag] since the :tag is being returned by the browser.
EDIT I see you are using [:tag_list] in your whitelist. I assume you are handing that somewhere else? Have you tested the ability to do an index action with a tag defined? I think the only place you want to use bare params[:xxxx] is in a private method.
I have a Listings Controller where Users can Create their Listings.
To prevent users to edit other users listings i just had to update every action from
Listing to current_user.listings
but with Rails 4 the controller got changed and i can't find how to set this up.
My Controller File->
class ListingsController < ApplicationController
before_action :set_listing, only: [:show, :edit, :update, :destroy]
before_filter :authenticate_user!, :only => [:index]
# GET /listings
# GET /listings.json
def index
#listings = Listing.all
end
# GET /listings/1
# GET /listings/1.json
def show
end
# GET /listings/new
def new
#listing = Listing.new
end
# GET /listings/1/edit
def edit
end
# POST /listings
# POST /listings.json
def create
#listing = Listing.new(listing_params)
respond_to do |format|
if #listing.save
format.html { redirect_to #listing, notice: 'Listing was successfully created.' }
format.json { render action: 'show', status: :created, location: #listing }
else
format.html { render action: 'new' }
format.json { render json: #listing.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /listings/1
# PATCH/PUT /listings/1.json
def update
respond_to do |format|
if #listing.update(listing_params)
format.html { redirect_to #listing, notice: 'Listing was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #listing.errors, status: :unprocessable_entity }
end
end
end
# DELETE /listings/1
# DELETE /listings/1.json
def destroy
#listing.destroy
respond_to do |format|
format.html { redirect_to listings_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_listing
#listing = Listing.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def listing_params
params.require(:listing).permit(:title, :description)
end
end
Anyone knows a Solution ?
change from #new to build. So, change all #listing = Listing.new to:
#listing = current_user.listings.build
Then, in set_listing change to:
#listing = current_user.listings.find(params[:id])