I have a model, Tran that has a foreign key to the User model. In the view for creation a Tran (transaction), I have a dropdown that allows the user to select the User that started the transaction. When I post this transaction, the record is set with the correct user ID:
Then, in my Trans model I added "belongs_to", as I understand I should do this for foreign keys:
class Tran < ActiveRecord::Base
belongs_to :buying_user, :class_name => 'User'
Now, when my client passes up the params in the post, my Tran.new craps out because I am passing up a userID and not a full record. Is the
#trans_controller.rb
def create
#title = "Create Transaction"
#bombs on this call
#tran = Tran.new(params[:tran])
How am I supposed to handle this?
Update as requested:
tran.rb
class Tran < ActiveRecord::Base
has_many :transaction_users, :dependent => :destroy, :class_name => 'TransactionUser'
belongs_to :submitting_user, :class_name => 'User'
belongs_to :buying_user, :class_name => 'User'
accepts_nested_attributes_for :transaction_users, :reject_if => lambda { |a| a[:content].blank? }, :allow_destroy => true
validates :description, :presence => true,
:length => {:maximum => 100 }
validates :total, :presence => true
validates_numericality_of :total, :greater_than => 0
validates :submitting_user, :presence => true
validates :buying_user, :presence => true
validates_associated :transaction_users
end
user.rb
class User < ActiveRecord::Base
has_many :trans
attr_accessor :password
attr_accessible :firstname, :lastname, :email, :password, :password_confirmation
email_regex = /\A[\w+\-.]+#[a-z\d\-.]+\.[a-z]+\z/i
validates :firstname, :presence => true,
:length => {:maximum => 50 }
validates :lastname, :presence => true,
:length => {:maximum => 50 }
validates :email, :presence => true,
:format => {:with => email_regex },
:uniqueness => { :case_sensitive => false }
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 6..40 }
# Register callback to before save so that we can call extra code like password encryption
before_save :encrypt_password
# Class methods
def self.authenticate(email, submitted_password)
user = find_by_email(email)
return nil if user.nil?
return user if user.has_password?(submitted_password)
end
def self.authenticate_with_salt(id, cookie_salt)
user = find_by_id(id)
(user && user.salt == cookie_salt) ? user : nil
end
# Public methods
def has_password?(submitted_password)
self.encrypted_password == encrypt(submitted_password)
end
def full_name
"#{self.lastname}, #{self.firstname}"
end
def self.active_users
# TODO
#User.find_
User.all
end
private
def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(password)
end
def encrypt (string)
secure_hash("#{salt}--#{string}")
end
def make_salt
secure_hash("#{Time.now.utc}--#{password}")
end
def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end
params hash on submit:
{"commit"=>"Submit",
"tran"=>{"total"=>"100",
"submitting_user"=>"1",
"description"=>"Description"},
"authenticity_token"=>"88qI+iqF92fo/M9rPfMs1CLpEXqFLGQXfj0c9krXXac=",
"utf8"=>"✓",
"user"=>"1"}
error:
User(#70040336455300) expected, got String(#70040382612480)
beginning of controller:
def create
#title = "Create Transaction"
#tran = Tran.new(params[:tran])
It crashes on the Tran.new line. Thanks so much!
Typically the User model would have has_many :transactions, :class_name => Tran
Then you would do this...
#user.transaction_create(params[:tran])
or
#user.build
it depends on what parameters are actually passed in params[:tran], but the idea is that the has_many side does the creating of the belongs_to.
I figured it out! The problem the whole time was that my db column name on my Trans table that linked to my Users table was submitting_user instead of submitting_user_id. Then, when I added the belongs_to association to submitting_user rails got confused and made that field a User, instead of an integer.
Related
I get this error
ActiveModel::MassAssignmentSecurity::Error in SessionsController#create
Can't mass-assign protected attributes: created_at, updated_at
I think I can add some codes to solve this problem.
class User < ActiveRecord::Base
attr_accessible :email, :nickname, :authentications_attributes, :created_at, :updated_at
Why Omniauth changes the created_at and updated_at?
In addition to add "attr_accessible :created_at, :updated_at", there are other ways?
This is my models/user.rb
class User < ActiveRecord::Base
attr_accessible :email, :nickname, :authentications_attributes, :created_at, :updated_at
validates :nickname, :presence => true
validates :email, :presence => true, :uniqueness => true
has_many :authentications
accepts_nested_attributes_for :authentications
class << self
def from_auth(auth)
Authentication.find_by_provider_and_uid(auth[:provider],
auth[:uid]).try(:user) ||
create!(
:nickname => auth[:info][:nickname],
:email => auth[:info][:email],
:authentications_attributes => [
Authentication.new(:provider => auth[:provider],
:uid => auth[:uid]
).attributes
])
end
end
end
This is my models/identity.rb
class Identity < OmniAuth::Identity::Models::ActiveRecord
attr_accessible :nickname, :email, :password, :password_confirmation, :authentications_attributes
validates_presence_of :nickname, :email
validates_uniqueness_of :nickname, :email
validates_format_of :email, :with => /^[-a-z0-9_+\.]+\#([-a-z0-9]+\.)+[a-z0-9]{2,4}$/i
end
This is my models/authentication.rb
class Authentication < ActiveRecord::Base
attr_accessible :user_id, :provider, :uid, :authentications_attributes, :created_at, :updated_at
validates :provider, :presence => true, :uniqueness => {:scope => :user_id}
validates :uid, :presence => true, :uniqueness => {:scope => :provider}
belongs_to :user
end
This is my controllers/sessions_controller.rb
class SessionsController < ApplicationController
def create
user = User.from_auth(request.env['omniauth.auth'])
session[:user_id] = user.id
flash[:notice] = "Welcome #{user.nickname}"
redirect_to root_path
end
end
Thanks for your thoughts and pointers.
The problem is this bit of code:
Authentication.new(:provider => auth[:provider],
:uid => auth[:uid]
).attributes
This will return the full set of attributes, including the created_at and updated_at dates, which you're then passing to create, so mass assigning.
You could create the user, then build the attributes like so:
authentication = Authentication.find_by_provider_and_uid(auth[:provider],
auth[:uid]).try(:user)
unless authentication
user = create!(
:nickname => auth[:info][:nickname],
:email => auth[:info][:email])
user.authentications.build(:provider => auth[:provider])
end
I'm a newbie watching a Lynda.com video about rails 3. The teacher creates a method like this to find a user
def name
"#{first_name} #{last_name}"
end
He says this will return first name and last name for this user, but I don't understand how this function accesses first_name last_name, since there is no call to a database or no form parameters.
I know that without looking at the whole application it will be impossible for you to explain this, but you may be able to guess what this function might be dependent on.
this is the whole AdminUser model
require 'digest/sha1'
class AdminUser < ActiveRecord::Base
# To configure a different table name
# set_table_name("admin_users")
has_and_belongs_to_many :pages
has_many :section_edits
has_many :sections, :through => :section_edits
attr_accessor :password
EMAIL_REGEX = /^[A-Z0-9._%+-]+#[A-Z0-9.-]+\.[A-Z]{2,4}$/i
# standard validation methods
# validates_presence_of :first_name
# validates_length_of :first_name, :maximum => 25
# validates_presence_of :last_name
# validates_length_of :last_name, :maximum => 50
# validates_presence_of :username
# validates_length_of :username, :within => 8..25
# validates_uniqueness_of :username
# validates_presence_of :email
# validates_length_of :email, :maximum => 100
# validates_format_of :email, :with => EMAIL_REGEX
# validates_confirmation_of :email
# new "sexy" validations
validates :first_name, :presence => true, :length => { :maximum => 25 }
validates :last_name, :presence => true, :length => { :maximum => 50 }
validates :username, :length => { :within => 8..25 }, :uniqueness => true
validates :email, :presence => true, :length => { :maximum => 100 },
:format => EMAIL_REGEX, :confirmation => true
# only on create, so other attributes of this user can be changed
validates_length_of :password, :within => 8..25, :on => :create
before_save :create_hashed_password
after_save :clear_password
scope :named, lambda {|first,last| where(:first_name => first, :last_name => last)}
scope :sorted, order("admin_users.last_name ASC, admin_users.first_name ASC")
attr_protected :hashed_password, :salt
def name
"#{first_name} #{last_name}"
end
def self.authenticate(username="", password="")
user = AdminUser.find_by_username(username)
if user && user.password_match?(password)
return user
else
return false
end
end
# The same password string with the same hash method and salt
# should always generate the same hashed_password.
def password_match?(password="")
hashed_password == AdminUser.hash_with_salt(password, salt)
end
def self.make_salt(username="")
Digest::SHA1.hexdigest("Use #{username} with #{Time.now} to make salt")
end
def self.hash_with_salt(password="", salt="")
Digest::SHA1.hexdigest("Put #{salt} on the #{password}")
end
private
def create_hashed_password
# Whenever :password has a value hashing is needed
unless password.blank?
# always use "self" when assigning values
self.salt = AdminUser.make_salt(username) if salt.blank?
self.hashed_password = AdminUser.hash_with_salt(password, salt)
end
end
def clear_password
# for security and b/c hashing is not needed
self.password = nil
end
end
The method "name" is not finding a user from the database, however the variables inside it (first_name and last_name) are read from the corresponding database table fields. In this case assuming the usual rails conventions are followed you will find a database table called "AdminUsers" and inside it some fields of which one is first_name and another is second_name.
How this all works and why it is so can be found in the Ruby on Rails documentation for ActiveRecord
In my controller, I try updating a user instance's rank attribute (integer). For example from 1 to 2.
I do this by:
#user = User.find(params[:id])
#user.rank = 2
#user.save(:validate => false)
For some reason the password for the user being saved gets erased, so that they can log in to my site without a password at all. I've tried with and without the :validate => false parameter.
Any reason why? help? Thanks a bunch
Model Code
class User < ActiveRecord::Base
attr_accessor :password
attr_accessible :login, :email, :fname, :lname, :password, :password_confirmation, :rank, :hours, :wars
email_filter = /\A[\w+-.]+#[a-z\d-.]+.[a-z]+\z/i
validates :login, :presence => true, :length => { :maximum => 15, :minimum => 4 }, :uniqueness => true
validates :fname, :presence => true, :length => {:minimum => 2 }
validates :lname, :presence => true, :length => {:minimum => 2 }
validates :email, :presence => true, :format => { :with => email_filter}, :uniqueness => { :case_sensitive => false }
validates :password, :presence => true, :confirmation => true, :length => { :within =>4..40 }
validates :lane_id, :presence => true
before_save :encrypt_password
has_many :reports
has_many :accomplishments
belongs_to :lane
def has_password?(submitted_password)
encrypted_password == encrypt(submitted_password)
end
def self.authenticate(login, submitted_password)
user = find_by_login(login)
return nil if user.nil?
return user if user.has_password?(submitted_password)
end
def self.authenticate_with_salt(id, cookie_salt)
user = find_by_id(id)
(user && user.salt == cookie_salt) ? user : nil
end
def current_report
report = (Report.order("created_at DESC")).find_by_user_id(#user.id)
end
private
def encrypt_password
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(password)
end
def encrypt(string)
secure_hash("#{salt}--#{string}")
end
def make_salt
secure_hash("#{Time.now.utc}--#{password}")
end
def secure_hash(string)
Digest::SHA2.hexdigest(string)
end
end
You only want to encrypt the password if one is present, so add a condition to your callback
before_save :encrypt_password, :unless => "password.blank?"
Also, you do not want to validate the password every time you update the user record. You can remove the :presence => true validation, and add a condition to run the other validations only when the password is present.
validates :password, :confirmation => true, :length => { :within =>4..40 }, :unless => "password.blank?"
You have a before_filter that encrypts the password everytime you save your model. Instead of a before_filter use something like this:
def password=(new_password)
self.salt = make_salt if new_record?
self.encrypted_password = encrypt(new_password)
end
I know this is severely late, but I actually just stumbled across this article on therailsways.com that was written back in 2009, but still worked for me in case anyone else who comes here through Google might have this same problem.
before_save :encrypt_password, :if => :password_changed?
I was having the same problem where my password would be re-encrypted on update, but I only wanted to encrypt it on user creation.
I was looking for alternatives to before_save, but none of them really did the trick. This however, certainly did, and all I had to do was add that if condition. It worked perfectly.
I am trying to set up the User model to successfully save user in the db but I'm hindered by, NameError: undefined local variable or method `hashed_password' for #<User:0x000001029fef18>
User model:
require 'digest'
class User < ActiveRecord::Base
attr_accessor :password
validates :email, :uniqueness => true,
:length => { :within => 5..50 },
:format => { :with => /^[^#][\w.-]+#[\w.-]+[.][a-z]{2,4}$/i }
validates :password, :confirmation => true,
:length => { :within => 4..20 },
:presence => true,
:if => :password_required?
has_one :profile
has_many :articles, :order => 'published_at DESC, title ASC',
:dependent => :nullify
has_many :replies, :through => :articles, :source => :comments
before_save :encrypt_new_password
def self.authenticate(email, password)
user = find_by_email(email)
return user if user && user.authenticated?(password)
end
def authenticated?(password)
self.hashed_password == encrypt(password)
end
protected
def encrypt_new_password
return if password.blank?
self.hashed_password = encrypt(password)
end
def password_required?
hashed_password.blank? || password.present?
end
def encrypt(string)
Digest::SHA1.hexdigest(string)
end
end
Add the hashed_password field to your users table by using a migration. It's currently missing.
My first bet is that hashed_password is not defined as a column in your model. Might want to check your migration file for this specific model
Add
attr_accessor :password, :password_confirmation
to Users.rb
I have the following models (with corresponding database tables) in my Rails 3 application:
class User < ActiveRecord::Base
has_many :service_users
has_many :services, :through => :service_users
attr_accessor :password
attr_accessible :password, :password_confirmation, :service_ids
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 6..40 }
...
end
class Service < ActiveRecord::Base
has_many :service_users
has_many :users, :through => :service_users
...
end
class ServiceUser < ActiveRecord::Base
belongs_to :service
belongs_to :user
end
#User Controller:
class UsersController < ApplicationController
...
def update
#user = User.find(params[:id])
if #user.update_attributes(params[:user])
flash[:success] = "Profile updated."
redirect_to #user
else
#title = "Edit user"
render 'edit'
end
end
...
end
I want to be able to update a User model's associated services without having to specify the password and password confirmation attributes. How can I do this?
Two options...
If you have simple logic, like only validating the password when a user is created, this will work:
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 6..40 },
:if => :new_record?
More likely, you'll want a combination so that users can update their password:
validates :password, :presence => true,
:confirmation => true,
:length => { :within => 6..40 },
:if => :is_password_validation_needed?
# Protect the password attribute from writing an
# empty or nil value
def password=(pass)
return if !pass.present?
#password = pass
end
private
def is_password_validation_needed?
# Return true if the record is unsaved or there
# is a non-nil value in self.password
new_record? || password
end
This could help:
http://railscasts.com/episodes/41-conditional-validations
you will want to look into conditional validation to specify whether or not the password attribute in your model should be validated when you are updating/saving the model. here is a Railscast episode that, while a little dated, is still fairly straightforward and should get you off on the right path