Can't mass-assign protected attributes: created_at(2i), created_at(3i), created_at(1i), created_at(4i), created_at(5i)
my code is below:
def new
#subject = Subject.new(:name => 'default')
#subject_count = Subject.count + 1
end
def create
# Instantiate a new object using form parameters
#subject = Subject.new(params[:subject])
# Save the object
if #subject.save
# If save succeeds, redirect to the list action
flash[:notice] = "Subject created."
redirect_to(:action => 'list')
else
# If save fails, redisplay the form so user can fix problems
#subject_count = Subject.count + 1
render('new')
what is the problem?
You can try this,
In your subject model add all attributes you used in your form such as,
class Subject < ActiveRecord::Base
attr_accessible :name, :created_at
...
...
end
Either set config.active_record.whitelist_attributes in application to false in application.rb (not recommended) or whitelist attributes in your model using attr_accessible as such
attr_accessible :name, :etc...
Make sure to whitelist the attributes sent via the controller in the Subject model as explained by Alex. You Subject model should look like:
class Subject < ActiveRecord::Base
attr_accessible :created_at
end
Why? Rails requires this recently (after a security problem on Github) to make sure a malicious user doesn't send unwanted attributes from the frontend. Suppose you have an :admin boolean field on a User class. Without the attr_accessible someone could add a new field in the form, something like <input type="checkbox" name="user[admin]" value="true" checked>, which would give him admin powers to your application.
Sidenote... you don't need to set the :created_at date from the HTML form, ActiveRecord will manage the :created_at and :updated_at automatically for you (unless you want to set it manually for some reason off course).
Related
I am not able to store the record in the database following is my code
Form Parameters
Controller
def create
#sales_dailystatus_info = SalesDailystatusInfo.new(sales_dailystatus_info_params)
#sales_dailystatus_info.user_id = current_user.id
#project = #sales_dailystatus_info.project
respond_to do |format|
if #sales_dailystatus_info.save
byebug
format.js{}
format.html{redirect_to dashboard_project_path(#project)}
else
format.js{}
format.html{render nothing: true}
end
end
end
def sales_dailystatus_info_params
params.require(:sales_dailystatus_info).permit(:user_id, :project_id, :sales_task_id,
:task_time, :description)
end
Model
class SalesDailystatusInfo < ActiveRecord::Base
belongs_to :project
belongs_to :user, optional: true
belongs_to :sales_task
validates :user_id, :sales_tasks_id, :task_time, presence: true
end
You can see in the screenshot I got rollback while save.
Please help me.
Edit:
I have made the change, Now I am iterating the params and remove strong parameters. Following is my code
def create
params[:sales_dailystatus_info].values.each do |sales_dailystatus_info|
#sales_dailystatus_info = SalesDailystatusInfo.create(
project_id: sales_dailystatus_info[:project_id],
sales_tasks_id: sales_dailystatus_info[:sales_task_id],
task_time: sales_dailystatus_info[:task_time],
description: sales_dailystatus_info[:description],
user_id: current_user.id
);
byebug
end
respond_to do |format|
format.js{}
format.html{render nothing: true}
end
end
still not able to save it. Give me error Sales task must exist.
Looking at your logs, it looks like your are submitting two SalesDailyStatusInfo:
{... 'sales_daily_status_info" => { "0" => {"project_id" => ...}, "1" => { "project_id" => ... } } }
You don't allow those keys in your params sanitizer, hence the Unpermitted parameters: :0, :1. The result is that your don't whitelist any params you submit and the params hash is empty, your model validations fail.
In order for this to work you either need to send only one project at a time or loop through your params to create both SalesDailyStatusInfo.
Add the frontend form code to your question if you need further help.
Hope it helps !
Looks like your record is not valid. You validate presence of the user_id but it's not sent. Instead of rendering nothing try to render #sales_dailystatus_info.errors.messages
Why do you validate :user_id and put optional: true at the same time? Also in your model you have validation of :sales_task_id (belongs_to association default validation on Ruby on Rails version >= 5.0) and :sales_tasks_id. And in your controller I do see :sales_tasks_id key but I do not see :sales_task_id, that is why you receive Sales task must exist error. Remove unnecessary validations of :user_id and :sales_task_id, return back strong parameters and everything will be fine
Since you are assigning a project_id and a sales_task_id, those records must be created before you can create a sales_dailystatus_info record. The error you are getting is saying you don’t have a sales_task created.
I solved it by changing the name of the field.
I change the field sales_tasks_id in sales_daily status_info to sales_task_id.
I need a singular foreign key name instead of plural.
I would like to add additional fields to the Rails Admin 'new' view for a specific model object, 'User'. These fields would not be attributes on the model itself but instead just fields that I would like users to be able to submit information with in order to calculate another field.
Is this possible?
Add virtual field to your model in rails admin using,
config.model Address do
list do
# virtual field
configure :full_address do
# any configuration
end
fields :full_address, :street, :number #, ...
end
end
Reference - https://github.com/sferik/rails_admin/wiki/Fields#virtual-fields
I'm not entirely familiar with Rails Admin, but you should be able to get what you want with Rails' virtual attributes mechanism.
In your user.rb model file, you need to add an attr_accessor line, listing the symbols you want to assign to your non-model fields, like this:
class User < ActiveRecord::Base
attr_accessor :virtual_field_one, :virtual_field_two
# Remainder of your code
end
You can add fields to the corresponding view that populate those values:
<%= f.text_field :virtual_field_one %>
Then you can add those attributes to the strong parameters method of your users_controller.rb, like this:
class ActivitiesController < ApplicationController
# other code
def user_params
params.require(:activity).permit(:mode_field_one, :mode_field_two, :virtual_field_one, :virtual_field_two)
end
# other code
end
Now you should be able to access virtual_field_one and virtual_field_two from the params hash like any other field in your User model:
virtual_field_one = params[:virtual_field_one]
I need to get some info about creating new objects in Rails with validation. For example, there is the following code:
def create
#user = User.new(params[:user])
if #user.save
# some actions: redirect, render, etc
else
render 'new'
end
end
But if there is 2 models with has_one association, for example Club and Place. I need to create both this objects from params in the same 'create' action, because I've got the same form for inputing data for it(params[:club] and params[:club][:place]). I don't know how I should save this objects, because for building a place (#club.build_place(params[:club][:place])) I should save #club in database. Please, give me example of the code for my problem. Thanks in advance.
If you're creating multiple objects from a single form you'd probably be best off putting this logic into a "Form Object"... See the article "7 Patterns to Refactor Fat ActiveRecord Models" from the CodeClimate blog found here (look for Section #3 on extracting Form Objects): http://blog.codeclimate.com/blog/2012/10/17/7-ways-to-decompose-fat-activerecord-models.
Railscasts also has a good episode on form objects, though it is a "Pro Episode" (i.e. requires subscription). http://railscasts.com/episodes/416-form-objects
In short, you create a custom model including some of the necessary ActiveModel modules then create a custom save method, e.g. (this is directly from the article which has a lot of great advice).
class Signup
include Virtus
extend ActiveModel::Naming
include ActiveModel::Conversion
include ActiveModel::Validations
attr_reader :user
attr_reader :company
attribute :name, String
attribute :company_name, String
attribute :email, String
validates :email, presence: true
# … more validations …
# Forms are never themselves persisted
def persisted?
false
end
def save
if valid?
persist!
true
else
false
end
end
private
def persist!
#company = Company.create!(name: company_name)
#user = #company.users.create!(name: name, email: email)
end
end
This gives you much more control and a much cleaner interface.
I have an object with multiple validations.
gist of the Approval model: https://gist.github.com/1579150 (side note, I know the Email Domain Validor doesn't work...)
The point is, if these validations fail, I want the object to save, but then set a value on approval.issue = true. Approval.issue is a boolean field that defaults to false, but then if the object fails validations I want the system admin to be able to see it and then handle it appropriately.
To make it more idiot proof, it would be nice to have some validations that can force the user to make changes, but then some would be exempt and would simply trigger the .issue field to true.
For instance, if the email is of the right domain but the email doesn't exist in the system, it would save it but then set issue => true. I could then set up a simple view for Approvals where :issue => :true. then the admin could modify or delete bad Approvals.
Ideas?
Code from gist:
class Approval < ActiveRecord::Base
class ApproverEmailValidator < ActiveModel::EachValidator
def validate_each(approval, attribute, value)
approval.errors[attribute] << "must be a valid e-mail address in our system" unless is_valid_email?(value)
end
protected
def is_valid_email?(address)
User.find_by_email(address)
end
end # End Approver Validator
class EmailDomainValidator < ActiveModel::EachValidator
def email_domain_is?(domain)
unless /ravennainteractive.com$/ =~ email(domain)
errors.add(:email, "You must Use an Eddie Bauer email address")
end
end
end #End Email Domain Validator
belongs_to :recommendation
attr_accessible :approval, :email, :user_id
validates :email, :email_domain
validates :next_approver_email, :approver_email => { :if => :recently_approved? }
before_save :create_next_approval
after_create :approval_notification
attr_accessor :next_approver_email
def recently_approved?
self.approved_changed? && self.approved?
end
def create_next_approval
next_approval = self.recommendation.approvals.build(:email => self.next_approver_email, :user_id => User.find_by_email(next_approver_email))
next_approval.save if next_approver_email.present? && recently_approved?
end
def email_domain_is?
unless /ravennainteractive.com$/ =~ email
errors.add(:email, "You must Use an Eddie Bauer email address")
end
end
private
def approval_notification
ApprovalMailer.needs_approval(self).deliver
end
end
You can implement observer for Approval that will analyze you objects before saving and set issue to "true", if there is some suspicious input.
UPDATE: Here is short guide how to implement observer:
rails generate observer - after this step you`ll see _observer.rb file.
Implement needed methods. Here is simple example extracted from one of my projects (It seems like you should use "before_save" method):
class HomeworkObserver < ActiveRecord::Observer
def after_create(homework)
TeacherMailer.send_later(:student_submitted_homework, homework)
end
def after_save(homework)
if (homework.checked)
StudentMailer.send_later(:teacher_checked_homework, homework)
end
end
end
Also you need to enable observer by adding it to your config/application.rb, e.g:
config.active_record.observers = :homework_observer
Official docs: http://api.rubyonrails.org/classes/ActiveRecord/Observer.html
I have the following two models:
class Product < ActiveRecord::Base
belongs_to :shop
validates_numericality_of :price, :greater_than_or_equal_to => 0
end
class Shop < ActiveRecord::Base
has_many :products
validates_presence_of :name
end
Here is the create method of my ProductsController:
def create
if params[:product][:shop_id] == "new_shop"
#shop = Shop.find_by_name(params[:new_shop]) || Shop.create(:name => params[:new_shop]) # Is there a simpler method to do this ?
params[:product][:shop_id] = #shop.id
end
#product = Product.new(params[:product])
if #product.save
redirect_to(:action => 'index')
else
render('new')
end
end
When user adds a new product he has a select box to choose the shop. The last option in this select box lets user to add a new shop (an additional input text field appears). The value of this last option is new_shop.
If the validation of the new entered shop fails, I would like the validation of the product to fail and display an appropriate error (currently an error displayed only if the validation of the product itself fails).
What would be the most "Rails 3 method" to achieve this ?
I think it would be simpler if you use accepts_nested_attributes_for. So to your Product model add:
accepts_nested_attributes_for :shop
And then in view depending on your select list value you can modify form (in js), so there will be either shop_id field or a whole set of fileds for a shop:
<% f.fields_for :shop do |sf| %>
...
<% end %>
Then if user selects existing shop, it will only pass shop_id, but if users selects new shop, then form will pass also new associated object.
If you want shop name to be unique, then just add validates_uniqueness_of to Shop model.
If validation of a shop fails, then product won't be saved. Basicaly, your controller stays as simple as it could be (just creating new product object from params - you don't care about shop there).
I agree with #klew, you should probably be using accepts_nested_attributes_for.
But, the simple and direct answer to your question is to use validates_associated.
Also, the nicer way of doing:
#shop = Shop.find_by_name(params[:new_shop]) || Shop.create(:name => params[:new_shop])
would be:
#shop = Shop.find_or_create_by_name(params[:new_shop])