I use redactor rails gem.
When I try to upload picture, I see:
Started POST "/redactor_rails/pictures?authenticity_token=g1JQetiggTDMwYoG2CnVz5ilnBoXReONW9iwgt5%2FJy4%3D" for 127.0.0.1 at 2013-07-31 22:02:10 +0400
Processing by RedactorRails::PicturesController#create as HTML
#other logs
ActionController::RoutingError (No route matches {:controller=>"info", :action=>"app_index"}):
app/controllers/application_controller.rb:55:in `authorize'
What actually points that this doesn't pass my custom authorization:
def authorize
#current_permission = current_permission
if #current_permission.allow?(params[:controller], params[:action])
return true
else
redirect_to root_url
end
end
Current permission is made like this:
allow :controller, [:m1, m2, ....]
allow :users, [:new,:create,:uniqueness, :show, :create_guest, :edit_user_by_reset, :update_pass, :email_confirmation]
# so on
What have I tried:
allow "RedactorRails::PicturesController", [:create]
allow :pictures, [:create]
allow :redactor_rails, [:create]
None of that works.
Any ideas?
allow :"redactor_rails/pictures", [:index, :create]
allow :"redactor_rails/documents", [:index, :create]
So, the main useful information - that's how you declare controller method somewhere to match redactor
Related
I am experimenting the Rails API with devise.
I am trying to create a POST request so that the user can autenticate using the email and password. To do so, I am using devise and simple token authentication
However, when I submit my POST request using postman, I get the error:
ActionController::RoutingError (No route matches [POST] "/v1/sessions"):
I think the issue is that is sending the post to: /v1/sessions rather than api/v1/sessions.
However, I do not understand why since I declared my routes such as: api-->v1-->sessions
Folder structure of controller
Routes
Rails.application.routes.draw do
# devise_for :users
namespace :api do
namespace :v1 do
resources :sessions, only: [:create, :destroy]
end
end
end
Controller
class V1::SessionsController < ApplicationController
def create
user = User.where(email: params[:email]).first
if user&.valid_password?(params[:password])
render json: user.as_json(only: [:email, :authentication_token]), status: :created
else
head(:unauthorized)
end
end
def destroy
end
end
shoud it be class Api::V1::SessionsController < ApplicationController instead?
Hello I'am using clearance gem for user authentication.
So far everything works perfect, but I'am confused why even after setting the root routes for my pages index view, it still redirects me to the sign_in page of clearance gem.
I have looked at github documentation notes, and it list no other work around for this. I'am doing something wrong?
Here is what my routes.rb file looks like:
Rails.application.routes.draw do
resources :passwords, controller: "clearance/passwords", only:
[:create, :new]
resource :session, controller: "clearance/sessions", only: [:create]
resources :users, controller: "clearance/users", only: [:create] do
resource :password,
controller: "clearance/passwords",
only: [:create, :edit, :update]
end
get "/sign_in" => "clearance/sessions#new", as: "sign_in"
delete "/sign_out" => "clearance/sessions#destroy", as: "sign_out"
get "/sign_up" => "clearance/users#new", as: "sign_up"
root 'pages#index'
# For details on the DSL available within this file, see
http://guides.rubyonrails.org/routing.html
end
the clearance require_login before_action must be active for that route. Did you add that before action to application controller? Does PagesController inherit from ApplicationCobtroller? If so, you need to add skip_before_action :require_login to your pages controller. Perhaps scoped to the particular pages controller action you want unprotected.
Say I have a module name Server that was created with a scaffold. I want the url 'www.example.com/server/' to be redirected to the first Server object that exists. So for example to be redirected to 'www.example.com/server/2'.
How could this be done with routes.rb (or any other way)?
route.rb:
Rails.application.routes.draw do
resources :servers
end
Server controller:
class ServersController < ApplicationController
before_action :set_server, only: [:show, :edit, :update, :destroy]
# GET /servers
# GET /servers.json
def index
#servers = Server.all
end
....
your can put
redirect_to server_path(Server.first) and return
inside your index method it'll redirect you when ever index action is called.
and just to extent #richfisher's answer (which might be a more appropriate way to do it.)
resources :servers, except: [:index] # this won't generate redundant routes
get '/servers/' => 'servers#first' #note this is now accessible via "server_path" instead of "servers_path" helper.
For what it's worth, I'd do this:
#config/routes.rb
resources :servers, except: :index do
get "", action: :show, id: Server.first.id, on: :collection
end
This will allow you to use the show action in place of index in a super efficient setup:
#app/controllers/servers_controller.rb
class ServersController < ApplicationController
def show
#server = Server.find params[:id]
end
end
I have simple controller and routes file.
In my route and controller i have created a module. I wrote a simple method which is redirecting me show. I am not sure why.
Controller
module Seller
class CampaignsController < Seller::BaseController
before_action :confirm_logged_in
def viewAllCampaigns
#campaigns = Campaign.all
end
def show
end
end
end
Routes file
scope module: 'seller' do
#namespace :power do
resources :dashboard, only: [:index]
resources :sessions, only: [:create, :destroy]
resources :campaigns, only: [:index, :create, :show, :update, :destroy]
get 'viewAllCampaigns' => 'campaigns#viewAllCampaigns'
end
Output
Started GET "/campaigns/viewAllCampaigns" for 127.0.0.1 at 2015-10-12 17:39:43 +0500
Processing by Seller::CampaignsController#show as HTML
Parameters: {"id"=>"viewAllCampaigns"}
Rendered seller/campaigns/show.html.erb (0.1ms)
I am hitting http://localhost:3000/campaigns/viewAllCampaigns in browser.
Ideally your routes should be defined like this.
resources :campaigns, only: [:index, :create, :show, :update, :destroy] do
get 'viewAllCampaigns', on: :collection
end
The first comment on the routes.rb file is The priority is based upon order of creation: first created -> highest priority. This is the reason your route is redirecting to show. Rails is treating this url as campain/:id.
Routes are tested in order, from top to bottom. The show route you've added for the campaigns resource will look for urls matching this pattern:
/campaigns/:id
/campaigns/viewAllCampaigns matches this, so it will do the show action., with params[:id] = "viewAllCampaigns"
Move the special case route up above the resources#campaigns route to fix this, then it will catch the url first.
get 'viewAllCampaigns' => 'campaigns#viewAllCampaigns'
resources :campaigns, only: [:index, :create, :show, :update, :destroy]
It takes the following get request as a show action because show expects campaigns/:id, and it assumes 'viewAllCampaigns' is an id in this instance:
/campaigns/viewAllCampaigns
Your link_to should just be pointing to the following:
'/viewAllCampaigns'
Your route structure isn't really RESTful, but that's a separate topic.
I would like to do a new user signup via JSON but I get an invalid authenticity token error.
I would like to not turn the forgery check for all controller. Any suggestions on how to override the registrationcontroller to do this?
Here is my code:
class Api::MobileRegistrationsController < Devise::RegistrationsController
skip_before_filter :verify_authenticity_token
respond_to :json
def create
super
end
end
Routes:
Whitney::Application.routes.draw do
resources :apps
devise_for :users
namespace :api do
resources :tokens, :only => [:create, :destroy]
resources :MobileRegistrations, :only => [:create]
end
I get an error:
Routing Error
uninitialized constant Api::MobileRegistrationsController
I can't encourage you in this way, because your app will be vulnerable to CSRF attacks.
A good resource to understand CSRF : Understanding the Rails Authenticity Token
You should rather include the authenticity_token in your POST request. This is discussed in some questions on SO, like there (read all the answers) : rails - InvalidAuthenticityToken for json/xml requests
The idea :
Retrieve the token with <%= form_authenticity_token %>
Add a authenticity_token POST param to your request with the token.
If you pass the param by URI, don't forget to encoded the token value :
url += "&authenticity_token=" + encodeURIComponent( <%= form_authenticity_token %> );
You could buil your own controller that does not derive from a devise controller.
def UserSignupApiController < ApplicationController
skip_before_filter :authenticate_user!
respond_to :json
def create
#user = User.create(params[user])
respond_with(#user)
end
end
I think you get the idea. You just instantiate your User just like you would do in Rails console. I do not recommend this kind of practice though
For your error
Routing Error uninitialized constant
Api::MobileRegistrationsController
it indicates your controller is not in the correct folder.
Because you are using
namespace :api do
resources :tokens, :only => [:create, :destroy]
resources :MobileRegistrations, :only => [:create]
end
You need to put your MobileRegistrations into controllers/api folder. or you can use
scope "/api" do
resources :MobileRegistrations, :only => [:create]
end