I am using rails3 and I have a user model. This model has a status column. I am showing admin following table
Mary approve reject
John approve reject
Both approve and reject are links. Since clicking on approve will approve user's record it should not be a get request. It should be a post request. I was thinking to achieve a post request I should make clicking on approve or reject an ajax call.
In the ajax call I would make post call instead of get.
Is this a good strategy? Anyone has any better suggestion.
Thanks
Just pass :method => 'post' to your link_to call:
<%= link_to 'approve', approve_user_path(user), :method => 'post' %>
http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-link_to
You're right, it shouldn't be a get request. Actually, I think it's neither a post request, because you already have the record and want to change it.
You could just pass :method => :put to link_to. Rails will make a JS handler and when the link is clicked, it will create an invisible form with action=PUT and submit it.
BUT, AJAX is a nice thing too and it's just as hard as setting the method: :remote => true
HTTP POST is used for create, and HTTP PUT is used for update. As such, you should be using doing a PUT (add :method => 'put' to your link_to) since you are updating the user record. Here's more details: http://guides.rubyonrails.org/routing.html#crud-verbs-and-actions
Related
I can't manage to send the action "follow" as postdata when I'm doing a POST request to the Instagram API. I'm trying to make a button_to in my rails app.
Here is the erb code :
<%= button_to "Follow", "https://api.instagram.com/v1/users/*[user_id]*/relationship?access_token=*[token]*", data: {action: "follow"} %>
The by default method for Button_to is POST so I don't need to specify that. And I have to send the "follow" action in the request body, but I don't see how.
Any help ?
You should just be able to add the Params to the url, like so:
?access_token=*[token]*&action=follow
For my Website model, my current method of letting users destroy an instance of that model is putting this on an html page:
<%= link_to "delete", website, :method => :delete %>
However, this would have to send a DELETE request to /websites/:id(.:format) in order to use the destroy method. I can't do that because the id's of my Websites are strings such as http://example.com, meaning localhost:3000/websites/http://example.com just doesn't make sense.
So what I'm wondering is, is there another way to delete instances of my Websites model, other than sending an http DELETE request? I wish I could access the destroy method directly.
Any help is greatly appreciated.
Why don't you have the primary key id's of the websites as integers, and then have a "url" string attribute that can be the http://example.com name.
This will make many things easier, notably associations. Also, you can still search for things based on the url, and you aren't really limited by making the url a column and an id # as the primary key.
I'm not really sure to understand your problem but have you take a look to friendly_id ?
Thanks to this gem, you will be able to create url with string instead of basic sql primary ids.
you can access public methods by adding new route to your routes.rb.
for example:
routes.rb
post '/websites/:id' => 'websites#destroy', :as => :destroy_website
view
<%= link_to "destroy", destroy_website_path(:id => "http://example.com"), :method => :post %>
I have a ruby-on-rails application and I'm now wondering why RoR uses Restful Requests:
eg. if you want delete an ressource it's a best practice to do it with such an HTTP Request:
DELETE /entry/13
you can also do it with with such an normal request:
GET /entry/delete/13 or GET /entry/13/delete
now my question:
when i make a link to such an restful delete operation with the link_to helper
link_to :controller =>:delete, :id => id, :method => :delete
it results in some cryptic javascript:
Delete
So whats the idea behind it?
In my opinion you just exclude non-javascript users.
All versions of Rails < 3 use very obtrusive javascript (and the result is pretty ugly, as you've demonstrated).
The doc suggests the method will fall-back to using GET if javascript is disabled:
:method => symbol of HTTP verb - This
modifier will dynamically create an
HTML form and immediately submit the
form for processing using the HTTP
verb specified. Useful for having
links perform a POST operation in
dangerous actions like deleting a
record (which search bots can follow
while spidering your site). Supported
verbs are :post, :delete and :put.
Note that if the user has JavaScript
disabled, the request will fall back
to using GET. If you are relying on
the POST behavior, you should check
for it in your controller‘s action by
using the request object‘s methods for
post?, delete? or put?.
Either way, I would suggest you create the "destroy" links like so:
# when you have an "entry" object
link_to "Destroy", entry, :method => :delete
# when you only have an "entry" object's id
link_to "Destroy", entry_path(:id => id), :method => :delete
I've been searching for hours now and haven't found anything that helps.
What I want to do:
I need to call the check_login-Method (as below), which needs parameters.
redirect_to check_login_users_url(
:user => {:name => input[1], :password => input [2] },
:stylesheet => 'scaffold',
:method => :get)
The point is that these params are sent in the method-call as in the "Redirected to"-line below.
Processing ApplicationController#execute(for 127.0.0.1 at 2009-12-19 00:28:40) [POST]
Parameters: {"command"=>{"line"=>"log dodo wg"}, "authenticity_token"=> <...token>}
Redirected to http://localhost:3000/benutzer/check_login?method=get&stylesheet=scaffold&user%5Bname%5D=dodo&user%5Bpassword%5D=wg
Completed in 9ms (DB: 0) | 302 Found [http://localhost/execute]
I want to prevent rails from putting the params into the url and pass them hidden instead.
When I send a form created with form_for, there's nothing in the url, so I assume it must be possible.
Please tell me how to do that.
Steps tried
I have tried different "html-verbs": get, put, post - no difference. Though the call of check_login is really short the url-with-params shows up in my Console
create an instance variable and pass it as param (strange, didn't work either)
watch form_for working – without results, got no clue
//edith:
Thanks for all your help so far. Perhaps I didn't specify my problem in enough detail.
I've got a text_field in which I enter short commands (experimentally). Its form calls execute in AppController, which in case of login-data performs redirect_to check_login. I don't need to access a webpage, I simply want to run the method. I liked the idea of putting it into :flash, but I'm wondering if there's a "neater" way to do pass the data hidden.
TL; DR Version: Use a form.
You're never going to be able to fully hide parameters, tools can be used to monitor requests and view the post data/parameters. You could however obfuscate it with an encrypted session. Also it appears that you're sending login info via a GET request, this is generally a bad practice.
That said...
What is going wrong for you is that you're not generating any post data with link_to :method => :post. link_to will use what ever parmas you give it to generate the url. Wheres forms will send all the params generated by the form as POST data to the url generated in the form_for call.
Upon receiving a POST request, Rails will merge parameters routing picks up from from the URL with the post data it receives into one params hash.
As in POST to
http://localhost:3000/benutzer/check_login?stylesheet=scaffold&user%5Bname%5D=dodo&user%5Bpassword%5D=wg
produces the same params hash in the receiving controller action as a POST to http://localhost:3000/benutzer/check_login with the following data:
stylesheet=scaffold&user[name]=dodo&user[pasword]=wg
There will be no distinction in the server log between the two requests.
If you look at what form_for is doing, it submits POST data built from the form inputs to the url generated by the arguments.
form_for #user, create_user_url(:stylesheet => "scaffold") do |f|
f.text_field :name
f.password_field, :password
end
This form will submit the form data to the url generated from the options. In this example the url is: http://localhost:3000/users/create?stylesheet=scaffold and the form data is:
user[name]=name_field_value_at_submit&user[password]=password_field_value_at_submit
link_to will not populate post data for you. You must either do it through a form or with javascript. The link_to documentation contains an example of doing this with javascript. Look for how the destroy with :onclick is handled.
If you really don't like buttons, you could use link_to_function to submit a form.
Replace
:method => :get)
with
:method => :post)
What's the difference between :get and :post? Read Methods GET and POST in HTML forms - what's the difference?
With form_for you create form which is then POSTed to server, that's why you don't see parameters in url - they're in http request body. But it is not possible to redirect user's browser from some action in controller to make another POST - if it would be possible, then I could redirect user to (for example) email change form of gmail or other forms. You can only redirect user to other site, which user's browser then GETs.
If you really don't want to show parameters in url, and both actions are in same application, then you can store those parameters in session or flash store, and retrieve in next request after redirect.
You can use Ajax request to send form data to action :
In some cases its not good to change :get into :post.
For instance in case of Controller's :index action its not good approach to use :post
So Use ajax call to submit form and update only dynamic content of the page.
In js.coffe script file
$ ->
$("#button-id").on "click", (ev) ->
$.ajax
type: "GET"
dataType: "html"
url: "/horoscope_dailies"
data:
date: date
success: (data) ->
$("#index_content").html data
error: (object, error) ->
console.log error
In your controller action
render partial: 'partial_name' if request.xhr?
In your view file:
%div{:id => 'partial_content'}
= render 'partial_name'
How do you perform delete and put operations restfully in rails? I have read the documentation and thought I was doing everything properly, but I can't seem to get it to work.
For example, if I wanted to delete an employee I would create a controller called "EmployeesController" and create a destroy method to perform the delete.
Then I went into the routes.rb file and entered map.resources :employees, which gives you access to the URL helper functions.
In whatever I want to call the Ajax operation from, I should just have a line like:
<%= link_to_remote "Delete", employee_path(#employee), :method => :delete %>
When I click on the link, it is still is sending a POST operation, so it does nothing.
What am I missing or doing wrong?
Try
:url => employee_url(#employee)
IIRC, *_path is a named route generated by the :resource directive which includes the method, thus overwriting your :method => :delete
From my code:
<%= link_to_remote "Delete", :url => post_url(post), :method => :delete %>
Just to add a few extra details: Using :url => employee_url(#employee) helped (from the accepted answer). The other part that was messing me up was the fact that I was expecting an HTTP delete request, but I kept getting POST requests with a parameter "_method" (automatically added by rails) which was set to delete.
So it was calling the proper destroy action, which I proved by adding a couple of debug statements to the controller. Yes, my delete code was wrong in the controller, so it wasn't really deleting when I thought it was.
If your problem is not having AJAX request you have to add proper javascript tags