I've been trying to edit the default scaffolding, and have been thus far quite successful. However, this little puzzle has managed to boggle me, as even reverting the file to it's original state isn't working. It's throwing up a "undefined method `model_name' for NilClass:Class" as the title suggests.
New Action In User Controller:
def new
if #current_user
redirect_to(action: 'home')
else
#user = User.new
end
respond_to do |format|
format.html # new.html.erb
format.json { render json: #user }
end
end
_form.html.erb beginning
<%= form_for(#user) do |f| %>
<% if #user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% #user.errors.full_messages.each do |msg| %>
Any help would be appreciated!
In the case when #current_user is set, your new action doesn't stop executing after the redirect_to. Execution proceeds to the respond_to block, which attempts to render the page without setting #user, resulting in the error you're getting.
Possible solutions:
Use a before filter—Execution of the current action is halted if a before filter triggers a redirect. This is standard Rails practice.
before_filter :check_for_current_user, only: [:new]
def new
#user = User.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: #user }
end
end
protected
def check_for_current_user
redirect_to(action: 'home') if #current_user
end
Just return early.
def new
if #current_user
redirect_to(action: 'home') and return
end
#user = User.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: #user }
end
end
Cite: http://excid3.com/blog/execution-after-redirect-vulnerability
Related
I have a Rails 5.0.2 app and I've managed to implement a user following system using the acts_as_follower gem. Everything works nicely, however, I'm running into some trouble adding ajax.
I'm getting the following error when clicking 'follow'
NoMethodError at /7/follow
==========================
> undefined method `followed_by?' for nil:NilClass
I have the following
users_controller.rb
def follow
user = User.find(params[:id])
current_user.follow(user)
respond_to do |format|
format.html { redirect_to user}
format.js
end
end
show.html.erb
...
<div id="follow">
<%= render partial: "users/following", locals: {user: #user} %>
</div>
...
_following.html.erb
<% if !#user.followed_by?(current_user) %>
<%= link_to follow_user_path(#user.id), remote: true do %>
<h4><span class="label label-primary">Follow</span></h4>
<% end %>
<% else %>
<%= link_to unfollow_user_path(#user.id) do %>
<h4><span class="label label-primary">Unfollow</span></h4>
<% end %>
<% end %>
I understand that I have no #user in my partial after creating the record and I can't work out how to pass it back in to the partial. Any help would be appreciated.
Silly me.
In the follow method I had this:
def follow
user = User.find(params[:id])
current_user.follow(user)
respond_to do |format|
format.html { redirect_to user}
format.js
end
end
but should have been
def follow
#user = User.find(params[:id])
current_user.follow(#user)
respond_to do |format|
format.html { redirect_to #user}
format.js
end
end
#user rather than user
your problem here is that in your controller you have user, without the "#" user is a variable that exist just in your controller method, and #user is an instance variable that can be accessed on the view.
So if you plan to use this on the view, you need to add "#" to the variable.
I'm new to Rails and am trying to create an application that takes a user request. However this is what is happening when I am trying to create a new request.
Request Controller:
class RequestsController < ApplicationController
before_action :set_request, only: [:show, :edit, :update, :destroy]
# GET /requests
# GET /requests.json
def index
#requests = Request.all
end
# GET /requests/1
# GET /requests/1.json
def show
end
# GET /requests/new
def new
#request = Request.new
end
# GET /requests/1/edit
def edit
end
# POST /requests
# POST /requests.json
def create
#request = Request.new(request_params)
respond_to do |format|
if #request.save # <-------------- The problem is here
format.html { redirect_to #request, notice: 'Request was successfully created.' }
format.json { render :show, status: :created, location: #request }
else
format.html { render :new }
format.json { render json: #request.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /requests/1
# PATCH/PUT /requests/1.json
def update
respond_to do |format|
if #request.update(request_params)
format.html { redirect_to #request, notice: 'Request was successfully updated.' }
format.json { render :show, status: :ok, location: #request }
else
format.html { render :edit }
format.json { render json: #request.errors, status: :unprocessable_entity }
end
end
end
# DELETE /requests/1
# DELETE /requests/1.json
def destroy
#request.destroy
respond_to do |format|
format.html { redirect_to requests_url, notice: 'Request was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_request
#request = Request.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def request_params
params.require(:request).permit(:user_id, :description, :created)
end
end
The error says there is no "Create" method in the requests controller, however the method that is saying this is the create method. I think that a problem is that my view isn't passing the description as a parameter and I'm not sure how to do that/why it's not already.
_form.html.erb (Rendered by edit.html.erb):
%= form_for(#request) do |f| %>
<% if #request.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#request.errors.count, "error") %> prohibited this request from being saved:</h2>
<ul>
<% #request.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<center>
<div class="field">
<%= f.label 'Describe your favor' %><br>
<%= f.text_area :description %>
</div>
<div class="actions">
<%= f.submit %>
</div>
</center>
<% end %>
If someone could show me how to pass the description object as a parameter to my create method and get the method to not crash.
Here is the error log:
NoMethodError (undefined method `Request' for #<Request:0x007f9fbd8992e8>):
app/controllers/requests_controller.rb:32:in `block in create'
app/controllers/requests_controller.rb:31:in `create'
Rendered /usr/local/rvm/gems/ruby-2.2.2/gems/actionpack-4.2.5/lib/action_dispatch/middleware/templates/rescues/_source.erb (6.9ms)
Rendered /usr/local/rvm/gems/ruby-2.2.2/gems/actionpack-4.2.5/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (2.8ms)
Rendered /usr/local/rvm/gems/ruby-2.2.2/gems/actionpack-4.2.5/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (0.9ms)
Rendered /usr/local/rvm/gems/ruby-2.2.2/gems/actionpack-4.2.5/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout (29.4ms)
Using Request (or Response) as the name of a model is not a very good idea since you will end up shadowing the request object. Which is a core part of Rails controllers.
It will also make it very confusing to reason about your code since it will collide with a core concept in MVC and web development in general.
Use a thesaurus and find another name for your model.
I am totally new in the Ruby on Rails. I have tried to show an message while register. Please check my controller and view code -
users_controller.rb
class UsersController < ApplicationController
#before_action :set_user, only: [:show, :edit, :update, :destroy, :success]
def login
render layout: false
end
def register
render layout: false
#user = User.new
end
def create_register
#user = User.new(create_user_params)
#raise #user.inspect
respond_to do |format|
if #user.save
format.html { redirect_to #users, notice: 'Registration was successfully created.' }
format.json { render :success, status: :created, location: #users }
else
format.html { render :register }
format.json { render json: #ruby_win_source.errors, status: :unprocessable_entity }
end
end
end
def success
raise #user.inspect
end
private
# Use callbacks to share common setup or constraints between actions.
def set_user
#user = User.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
params.require(:user).permit(:name, :username, :email, :password, :image, :dob, :photo, :address)
end
end
register.html.erb
<%= form_tag(#user) do |f| %>
<% if #user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% #user.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
routes.rb
get 'register' => 'users#register'
post 'register' => 'users#create_register'
URL - http://localhost:3000/register
While I am loading this page I got this error message -
I searched in google and getting some same issue link. Follow step but my problem still not resolved. Please help me :(
The 2 lines in your register method are reversed. Try this:
def register
#user = User.new
render layout: false
end
In the create_register method you create a new user calling
#user = User.new(create_user_params)
but your strong params method is named user_params. Try changing the above line to
#user = User.new(user_params)
You are trying to run the method errors on a nil class. Very common issue when doing Rails. This line
<%= form_tag(#user) do |f| %>
<% if #user.errors.any? %>
is looking for a #user object. You did try to declare one here:
def register
render layout: false
#user = User.new
end
But based on the error I'm going to presume it failed. Not seeing a migration for the user table I'm guessing you didn't create one? To create a new User object for an active record class you need to run a migration against the database so that there is a table to work with.
http://guides.rubyonrails.org/active_record_migrations.html
I am also not seeing a model here. To user User.new you also need a model.
http://guides.rubyonrails.org/active_record_basics.html
Now there is one other tool that will making working in Rails much, much easier for you.
http://pryrepl.org/
Coolest tool ever. simply install the pry gem, require pry and place a newline with binding.pry wherever you need to pry into the code and you can play around directly with the code. For this instance I would do it like this.
def register
render layout: false
require `pry`; binding.pry;
#user = User.new
end
Then go to the terminal you are running your server and you are inside the code. Then try the failing part of the code. #user = User.new It will give you a much more illuminating error message.
I am new to rails.I have some confusion about about rails object life cycle.In rails we have the bellow code.
class UsersController < ApplicationController
# GET /users
# GET /users.json
def index
#users = User.all
respond_to do |format|
format.html # index.html.erb
format.json { render json: #users }
end
end
# GET /users/1
# GET /users/1.json
def show
#user = User.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: #user }
end
end
# GET /users/new
# GET /users/new.json
def new
#user = User.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: #user }
end
end
# GET /users/1/edit
def edit
#user = User.find(params[:id])
end
# POST /users
# POST /users.json
def create
#user = User.new(params[:user])
respond_to do |format|
if #user.save
format.html { redirect_to #user, notice: 'User was successfully created.' }
format.json { render json: #user, status: :created, location: #user }
else
format.html { render action: "new" }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
end
# PUT /users/1
# PUT /users/1.json
def update
#user = User.find(params[:id])
respond_to do |format|
if #user.update_attributes(params[:user])
format.html { redirect_to #user, notice: 'User was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.json
def destroy
#user = User.find(params[:id])
#user.destroy
respond_to do |format|
format.html { redirect_to users_url }
format.json { head :no_content }
end
end
end
then in the form we have
<%= form_for(#user) do |f| %>
<% if #user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% #user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :name %><br />
<%= f.text_field :name %>
</div>
<div class="field">
<%= f.label :email %><br />
<%= f.text_field :email %>
</div>
<div class="actions">
<%= f.submit %>
</div>
<% end %>
my confusion is in the new action in controller i have #user = User.new
and again in the create #user = User.new(params[:user]).
then in form i have <%= form_for(#user) do |f| %> .
My question is here at the form the #user object actually means waht?
I mean does this #user is going to hit the new action or create action.
If it is going to hit the create action then how this is happening because the form is actually comes from the new action so i can't figure it out how its hitting to the create action .
i know its very simple question.But i dont know how its happening as i am new to rails.
Please help me to make me understand the object flow.
thanks in advance.
The "new" action makes a new object and shows a form for editing it. That form submits to the "create" action because the object has not been saved yet.
If you did
form_for #user
and #user was a previously-saved object, the form would submit to the update action instead.
form_for is a bit magical, like a lot of rails: it does two things:
sets the "action" attribute of the form to point at either "/users" (for create) and "/users/:id" (for update)
in the case of update (ie for objects that already have an id) it also adds a hidden field which triggers the update action: this hidden field will look like this: <input type="hidden" value="put" name="_method">.
Have a look at form_for in your rails api.
It's hitting create action because of the proper form URL. When you run rake routes command, you'll see that POST /users leads to users#create action - and that's the URL in the new form. URL is set (and form fields are generated) properly by Rails because you pass User instance to the form.
I am getting an error in Rails 3.2 with devise - my view is saying undefined method on line 1 below (user). This view is an edit profile page for logged in users.
So far I've tried changing this to current_user and defining that in my controller which I've provided below, but that did not work.
My only other suspicion is that form_for is not appropriate to use on this page?
<%= form_for(#user) do |f| %>
<% if #user.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#user.errors.count, "error") %> prohibited this user from being saved:</h2>
<ul>
<% #user.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="field">
<%= f.label :username %><br>
<%= f.text_field :username %>
</div>
<div class="field">
<%= f.label :firstname %><br>
<%= f.text_field :firstname %>
</div>
<div class="field">
<%= f.label :lastname %><br>
<%= f.text_field :lastname %>
My controller... (as I said I tried current_user)
class UsersController < ApplicationController
def current_user
#current_user ||= User.find(session[:user_id])
end
def find
#user = User.new
end
def show
#user = User.find(params[:id])
end
# GET /users
# GET /users.json
def index
#users = User.all
end
# GET /users/1
# GET /users/1.json
# GET /users/new
def new
#user = User.new
end
# GET /users/1/edit
def edit
end
# POST /users
# POST /users.json
def create
#user = User.new(user_params)
respond_to do |format|
if #user.save
format.html { redirect_to #user, notice: 'User was successfully created.' }
format.json { render action: 'show', status: :created, location: #user }
else
format.html { render action: 'new' }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /users/1
# PATCH/PUT /users/1.json
def update
respond_to do |format|
if #user.update(user_params)
format.html { redirect_to #user, notice: 'User was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: 'edit' }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
end
end
# DELETE /users/1
# DELETE /users/1.json
def destroy
#user.destroy
respond_to do |format|
format.html { redirect_to users_url }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_user
#user = User.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def user_params
params.require(:user).permit(:username, :firstname, :dateofbirth, :lastname, :gender, :location, :email, :password)
end
end
Devise comes with a current_user helper method. You probably don't want to override that, so I'd recommend removing that method from your controller. In one of my apps I allow users to edit their info and this is my edit method:
def edit
#user = current_user
end