Dynamic attr_accessible in rails - ruby-on-rails

According to Railscast #237, dynamic attributes were supposed to be easy to implement. However, I have run into some errors when trying to create an object in the Rails console. Please advise.
The error I am getting is as follows:
ruby-1.9.3-p0 :005 > User.new :username => "johnsmith", :email => "johnsmith@gmail.com", :password => "changethis"
ArgumentError: wrong number of arguments (1 for 0)
from /Volumes/Terra-Nova/jwaldrip/Sites/theirksome/config/initializers/accessible_attributes.rb:6:in `mass_assignment_authorizer'
from /Volumes/Terra-Nova/jwaldrip/.rvm/gems/ruby-1.9.3-p0/gems/activemodel-3.1.3/lib/active_model/mass_assignment_security.rb:209:in `sanitize_for_mass_assignment'
from /Volumes/Terra-Nova/jwaldrip/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.1.3/lib/active_record/base.rb:1744:in `assign_attributes'
from /Volumes/Terra-Nova/jwaldrip/.rvm/gems/ruby-1.9.3-p0/gems/activerecord-3.1.3/lib/active_record/base.rb:1567:in `initialize'
from (irb):5:in `new'
from (irb):5
from /Volumes/Terra-Nova/jwaldrip/.rvm/gems/ruby-1.9.3-p0/gems/railties-3.1.3/lib/rails/commands/console.rb:45:in `start'
from /Volumes/Terra-Nova/jwaldrip/.rvm/gems/ruby-1.9.3-p0/gems/railties-3.1.3/lib/rails/commands/console.rb:8:in `start'
from /Volumes/Terra-Nova/jwaldrip/.rvm/gems/ruby-1.9.3-p0/gems/railties-3.1.3/lib/rails/commands.rb:40:in `<top (required)>'
from script/rails:6:in `require'
from script/rails:6:in `<main>'
/models/user.rb :
class User < ActiveRecord::Base
# Attributes
attr_accessible :username, :email, :password, :password_confirmation, :is_admin
attr_accessor :password
# Callbacks
before_save :encrypt_password
# Relationships
has_many :irks
# Validation
validates_confirmation_of :password
validates_presence_of :password, on: :create
validates :password, presence: true, length: { in: 3..20 }
validates :username, presence: true, uniqueness: true, length: { in: 3..20 }
validates :email, presence: true, email: true, uniqueness: true
# User Authentication
def self.authenticate(email, password)
user = find_by_email(email)
if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
user
else
nil
end
end
# Password Encryption
def encrypt_password
if password.present?
self.password_salt = BCrypt::Engine.generate_salt
self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
end
end
end
/config/initializers/accessible_attributes.rb :
class ActiveRecord::Base
attr_accessible
attr_accessor :accessible
private
def mass_assignment_authorizer
if accessible == :all
self.class.protected_attributes
else
super + (accessible || [])
end
end
end

Not entirely sure exactly what it is you're trying to do or what the purpose of this mass_assignment_authorizer would be. Seems like there are easier ways to protect against mass assignment. That being said, I read the last couple paragraphs of the railscast, and it appears as though once you have this initializer, you can't pass any arguments into the initializer when creating an object. Even if you could, it wouldn't set the attributes...
In the controller we also need to apply the accessible option to the create action. If we just apply it like this then it will not work.
@article = Article.new(params[:article])
@article.accessible = :all if admin?
The reason that this doesn’t work is that the mass assignment happens in the new call so by the time we’ve set accessible it’s too late. We need to separate creating a new Article from assigning its attributes and slip the call to accessible in between the two.
So it looks to me like in order to set the attributes for one of your models now you need to first create it, then set accessible to be :all on the class, then manually assign the attributes you want, like such:
u = User.create
u.accessible = :all if current_user.is_admin? # or whatever the conditional is for the admin user
u.update_attributes(:username => "johnsmith", :email => "johnsmith@gmail.com", :password => "changethis")
Depending on how many attributes you need to have accessible based on permissions, you may be better off skipping this module since it is a little bit of extra work to implement. If it's only a few attributes on one or two models you may be better off just implementing this functionality by hand with your own methods and attr_accessible. Try reading this article about ruby accessors to see if you can get the desired result without this plugin perhaps?
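The "(1 for 0)" in the trace means one argument reached a method defined with none: activemodel 3.1.3's sanitize_for_mass_assignment passes a role to mass_assignment_authorizer, while the initializer's override declares no parameter. The following is an added example, not code from the question, the answer or the Railscast; FakeBase, ZeroArityUser, RoleAwareUser, try_assign and SAMPLE are constructed stand-ins so it runs without Rails.

```ruby
# Constructed stand-in for the call shape seen in the stack trace: the
# sanitizer calls mass_assignment_authorizer(role) with ONE argument.
# The whitelist and the :all sentinel are simplifications, not Rails internals.
class FakeBase
  WHITELIST = { default: [:username, :email, :password] }.freeze
  attr_accessor :accessible   # extra attributes for this instance, or :all
  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  def assign_attributes(attrs, role = :default)
    allowed = mass_assignment_authorizer(role)
    attrs.each { |k, v| @attributes[k] = v if allowed == :all || allowed.include?(k) }
    self
  end

  private

  def mass_assignment_authorizer(role = :default)
    WHITELIST.fetch(role)
  end
end

# Override with no parameter, like the initializer in the question.
class ZeroArityUser < FakeBase
  private

  def mass_assignment_authorizer
    return :all if accessible == :all
    super + (accessible || [])
  end
end

# Same override, accepting the role the caller supplies.
class RoleAwareUser < FakeBase
  private

  def mass_assignment_authorizer(role = :default)
    return :all if accessible == :all
    super + (accessible || [])
  end
end

SAMPLE = { username: "johnsmith", is_admin: true }.freeze  # constructed input

# Returns the assigned attributes, or the error message if assignment raised.
def try_assign(klass, attrs, accessible = nil)
  user = klass.new
  user.accessible = accessible
  user.assign_attributes(attrs).attributes
rescue ArgumentError => e
  e.message
end
```

With the role-aware override, is_admin is dropped unless accessible was set on the instance first, so that setting should come from a server-side permission check and never from request parameters.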

Related

validation fails on SecurePassword Virtual Attributes on custom create at Activerecord Model

I'm trying to mix a custom User authentication mechanism based on SecurePassword with Facebook integration through the omniauth-facebook gem.
My app uses Ruby 2.0.0 and Rails 4.0.0.
I tried to follow this omniauth guide and some other articles to come up with something like this for the User and Authentication models:
User model:
class User < ActiveRecord::Base
has_one :user_playlist
has_one :user_info
has_many :band_likes
has_many :song_likes
has_many :band_comments
has_many :song_comments
has_many :authorizations
#many to many relation between User and Band
#todo: make a bands_users migration
has_and_belongs_to_many :bands
has_secure_password
validates :username, presence: true, uniqueness: {case_sensitive: false}, length: {in: 8..64}, format: {with: /\A[a-zA-Z ]+\Z/, message: 'Debe poseer solo letras y espacios.'}
validates :email, presence: true, uniqueness: {case_sensitive: false}, format: {with: /@/, message: 'Dirección de correo inváilda.'}
validates :password, length: {in: 8..24}
validates :password_confirmation, length: {in: 8..24}
def self.create_from_hash!(hash)
create(:email => hash['info']['email'], :username => hash['info']['name'], :password => hash['uid'], :password_confirmation => hash['uid'] )
end
end
Authorization Model:
class Authorization < ActiveRecord::Base
belongs_to :user
validates_presence_of :user_id, :uid, :provider
validates_uniqueness_of :uid, :scope => :provider
def self.find_from_hash(hash)
find_by_provider_and_uid(hash['provider'], hash['uid'])
end
def self.create_from_hash(hash, user = nil)
user ||= User.create_from_hash!(hash)
Authorization.create(:user => user, :uid => hash['uid'], :provider => hash['provider'])
end
end
SessionsController
class SessionsController < ApplicationController
def create
auth = request.env['omniauth.auth']
unless @auth = Authorization.find_from_hash(auth)
# Create a new user or add an auth to existing user, depending on
# whether there is already a user signed in.
@auth = Authorization.create_from_hash(auth, current_user)
end
# Log the authorizing user in.
self.current_user = @auth.user
render :text => "Welcome, #{current_user.username}. <br />User saved = #{current_user.save} .<br/>User valid = #{current_user.valid?}.<br />errors= #{current_user.errors.full_messages}"
end
end
The last render was written to check the fact that my password does not get validated; it doesn't matter if I use hash['uid'], hash['info']['name'], or whatever.
The reason I use these values is that I will figure out later how to build a random password for the OAuth-ed user, but I don't want blank ones, nor to disable the validations.
But no matter what value I use, I always get only my name and email:
*Welcome, "My Real Name Here.
User saved = false.
User valid = false.
errors= ["Password is too short (minimum is 8 characters)", "Password confirmation is too short (minimum is 8 characters)"]*
When creating users in the Rails console I get no problem, only when OAuth tries to create a User with create_from_hash.
Also, if I try to assign a non-existing value from the hash to the password fields, it adds the "can't be blank" message, so it isn't blank.
And rendering hash['uid'] in the controller shows that it's longer than 8.
I must warn that I'm new to Rails, so if you can, explain it to me with apples xD
Thanks in advance!
finally i came up with this on User model:
def self.create_from_hash!(hash)
self.where(:email => hash.info.email.to_s).first_or_create do |user|
user.email = hash.info.email
user.username = hash.info.name
user.password = hash.uid
user.password_confirmation = hash.uid
end
end
I don't know why the later doesn't work but at least this one works!
Greetings!
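The question mentions building a random password for the OAuth-created user later; the provider uid is an identifier rather than a secret, so a password derived from it can be guessed by anyone who learns the uid. The following is an added example, not the poster's code: USERS, AUTHORIZATIONS, random_password, create_user_from_auth, sign_in_with_auth and SAMPLE_AUTH are constructed stand-ins for the question's models so the flow runs without Rails.

```ruby
require "securerandom"

# Constructed in-memory stand-ins for the question's users and authorizations
# tables. A real has_secure_password model stores only a digest, never the
# plaintext kept here for inspection.
USERS = []
AUTHORIZATIONS = {}   # [provider, uid] => user

# Constructed sample shaped like the auth hash the question reads from.
SAMPLE_AUTH = {
  "provider" => "facebook",
  "uid"      => "1234567890123456",
  "info"     => { "email" => "user@example.com", "name" => "Example User" }
}.freeze

# 18 random bytes encode to 24 URL-safe characters, which fits the model's
# length: {in: 8..24} validation.
def random_password
  SecureRandom.urlsafe_base64(18)
end

# Counterpart of User.create_from_hash!: the password is random and is not
# derived from anything in the auth hash.
def create_user_from_auth(auth)
  secret = random_password
  user = {
    email: auth["info"]["email"],
    username: auth["info"]["name"],
    password: secret,
    password_confirmation: secret
  }
  USERS << user
  user
end

# Counterpart of SessionsController#create: a returning user is matched on
# provider + uid, so the random password is never needed to log in via OAuth.
def sign_in_with_auth(auth)
  key = [auth["provider"], auth["uid"]]
  AUTHORIZATIONS[key] ||= create_user_from_auth(auth)
end
```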

Mongoid: disabling validation on inverse objects when saving parent for HABTM relationship Options

I have the following:
class User
include Mongoid::Document
has_and_belongs_to_many :following, class_name: "User", inverse_of: :followers
has_and_belongs_to_many :followers, class_name: "User", inverse_of: :following
end
Note that User is also a Devise object. This means that when you save a User it requires :password and :password_confirmation to save.
In the context of a rails app using Devise, and I have access to the current_user who is the currently signed in user:
following_user = User.find(following_id)
current_user.following.push(following_user)
"current_user" gets saved ok because it is authenticated, but following_user does not because it fails validation for missing :password and :password_confirmation.
Is there any way that I can disable the validation on the inverse objects?
I tried appending "validate: false" to both sides of the inverse, but it didn't make any difference. (Have I understood the validate option in this case?)
What is the recommended approach to deal with this scenario?
Thanks.
In Devise validations for password is given as
validates_presence_of :password, :if => :password_required?
validates_confirmation_of :password, :if => :password_required?
and the method password_required is
def password_required?
!persisted? || !password.nil? || !password_confirmation.nil?
end
you can overwrite this method in your user model with your required logic.

determining proper place for password_required? with a before_save password encryption

I have the following model and am trying to turn off password validation for the User model using this Rails Validates Prevents Save
class User < ActiveRecord::Base
before_save :encrypt_password
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 4..12 },
:if => :password_required?
def password_required?
self.new_record? or self.password?
end
#
# where we encrypt on creation
#
def encrypt_password
if password.present?
self.password_salt = BCrypt::Engine.generate_salt
self.password_hash = BCrypt::Engine.hash_secret(password, password_salt)
end
end
end
I get an error for:
undefined method `password?' for #<User:0x007fc8e0473be0>
Should I just check for self.password_hash? There's another form for updating the password. What is the best strategy for turning off validation in that instance?
thx
You should add this to your user model:
attr_accessor :password
That will give your user model a password attribute -- however, it is not persisted to the database or remembered in your application in any way. Only the salt and hash are stored.
To get password? in your model too, do this:
attr_accessor :password
alias :password? :password
You can use password? like a gimpy Boolean field: if it returns anything, then password is set. Otherwise password hasn't been set.

Devise - how to change setting so that email addresses don't need to be unique

I set up Devise to log in with a username instead of email address because a significant number of our users share the same email address with their spouse. It is a unique market that we serve. But each spouse needs separate accounts to record personality instrument results.
The database no longer requires a unique email address so it will accept the same email addy for two accounts. However, Devise is still requiring a unique email address for each account. Is there a setting or a workaround that I can use to change this?
= User Model
def email_required?
false
end
def email_changed?
false
end
# For ActiveRecord 5.1+
def will_save_change_to_email?
false
end
= Migration
rails g migration update_index_on_users
def up
sql = 'DROP INDEX index_users_on_email'
sql << ' ON users' if Rails.env == 'production' # Heroku pg
ActiveRecord::Base.connection.execute(sql)
end
Look in the config/initializers/devise.rb. You can change the default authentication key, which by default is :email to be anything you want, for example:
config.authentication_keys = [ :username ]
Please find the instructions here
If you only want to remove uniqueness validation given by the devise and keep the others, refer this (for rails >= 4.1.6).
So, this is really old... but I thought I'd respond.
I'm using an old version of devise (1.4.9), but, through some help in #rubyonrails on freenode, I found that you have to edit lib/devise/models/validatable.rb:
module Devise
module Models
module Validatable
# All validations used by this module.
VALIDATIONS = [ :validates_presence_of, :validates_uniqueness_of, :validates_format_of,
:validates_confirmation_of, :validates_length_of ].freeze
def self.included(base)
base.extend ClassMethods
assert_validations_api!(base)
base.class_eval do
validates_presence_of :email, :if => :email_required?
# commented out so that we don't check for unique emails
#validates_uniqueness_of :email, :case_sensitive => (case_insensitive_keys != false), :allow_blank => true, :if => :email_changed?
validates_format_of :email, :with => email_regexp, :allow_blank => true, :if => :email_changed?
validates_presence_of :password, :if => :password_required?
validates_confirmation_of :password, :if => :password_required?
validates_length_of :password, :within => password_length, :allow_blank => true
end
end
end
end
end
This also required going into the database and changing the index on the email column, which is set to unique out of the box.

Rails updating attributes of a User Model from OrdersController

This my code:
class OrdersController
def create
@order = Order.new(params[:order])
if @order.purchase
work = GATEWAY.store(credit_card, options)
result = work.params['billingid']
current_user.update_attributes(:billing_id => result)
end
end
end
billingid is returned by running GATEWAY.store(credit_card, options)
I am trying to save this returned billingid into the :billing_id column in the User model. Is it not possible to update an attribute of the User model from a controller that is not UsersController?
Simply put, is it not possible to update an attribute of model #1 from a controller of model #2?
Thanks
UPDATE:
With the help of the men below, I was able to verify two things:
1. result = work.params ['billingid'] returns string
2. That I am able to save into a different model from any controller
However, even though I have attr_accessible :billing_id I am still unable to save the result into billing_id column of User table. I was successful in saving the result in a store_name column of a Store table, so I don't know what it is about User model that is preventing me from saving.
I ran,
@mystore = Store.find(current_user)
@mystore.store_name = result
@mystore.save
and it was successful. But,
@thisuser = User.find(current_user)
@thisuser.billing_id = result
@thisuser.save
This fails even though attr_accessible is set correctly. What else could prevent from saving certain attributes other than attr_accessible? Thanks everyone!
UPDATE 2: User Model
require 'digest'
class User < ActiveRecord::Base
has_one :store
has_many :products
attr_accessor :password
# attr_accessible was commented out completely just to check as well. Neither worked
attr_accessible :name, :email, :password, :password_confirmation, :username, :billing_id
validates :name, :presence => true,
:length => { :maximum => 50 }
validates :email, :presence => true,
:format => { :with => email_regex },
:uniqueness => { :case_sensitive => false }
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 6..40 }
username_regex = /^([a-zA-Z0-9]{1,15})$/
before_save :encrypt_password
def has_password?(submitted_password)
encrypted_password == encrypt(submitted_password)
end
private
def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(password)
end
def encrypt(string)
secure_hash("#{salt}--#{string}")
end
def make_salt
secure_hash("#{Time.now.utc}--#{password}")
end
def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end
UPDATE FINAL: SOLUTION
Using @thisusers.errors, I was able to find out that it was trying to validate the presence of password during this request. Once I commented it out, it saved without an issue. I am unsure why this is happening, but I will take it from here. Thanks everyone esp. dmarkow!
There should be no issue updating any number of models from a controller.
Make sure that work.params['billingid'] actually contains a value.
Your User model may have some attributes marked as attr_accessible (since you have current_user, I assume you have authentication, and this often means needing to protect your model's attributes by default). If this is the case, that means that only those attributes can be changed by mass assignment (e.g. using update_attributes). Either add billing_id to the list of attributes that are attr_accessible, or don't use mass assignment. (Instead, you would just do current_user.billing_id = result and then current_user.save)
Edit: The problem wound up being a validation error on the User model. Always make sure to check the user.errors when user.save returns false.
