I'm struggling a bit to find the right place for a helper method. The method basicly 'inspects' a User-model object and should return some information about the 'progress' of the user, eg. "You need to add pictures", "Fill out your address" or "Add your e-mail-adress". None of the conditions I'm checking for are required, it's just like a "This is your profile completeness"-functionality as seen on LinkedIn etc.
Each of these 'actions' have a URL, where the user can complete the action, eg. a URL to the page where they can upload a profile photo if that is missing.
Since I need access to my named routes helpers (eg. new_user_image_path) I'm having a hard time figuring out the Rails-way of structuring the code.
I'd like to return an object with a DSL like this:
class UserCompleteness
def initialize(user)
end
def actions
# Returns an array of actions to be completed
end
def percent
# Returns a 'profile completeness' percentage
end
end
And user it with something like: #completeness = user_completeness(current_user)
However, if I'm adding this to my application_helper I don't have access to my named routes helpers. Same goes if I add it to my User-model.
Where should I place this kind of helper method?
This is a similar problem to that of Mailers. They are models, and should not cross the MVC boundaries, but need to generate views. Try this:
class UserCompleteness
include ActionController::UrlWriter
def initialize(user)
end
def actions
# Returns an array of actions to be completed
new_user_image_path(user)
end
def percent
# Returns a 'profile completeness' percentage
end
end
But be aware you are breaking MVC encapsulation, which might make testing more difficult. If you can get away with some methods in the users helper instead of a class that might be better.
From the little i got your question i think you want a method which you can used in Controller as well as Views.
To Accomplish this simple add method in application_controller.rb and named it hepler_method
Example:-
class ApplicationController < ActionController::Base
helper_method :current_user
def current_user
#current_user ||= User.find_by_id(session[:user])
end
end
you can use method current_user in both Controller as well as views
Related
I'm learning Rails and working on DinnerDash.
In application_controller.rb I have:
helper_method :admin?
def admin?
current_user.admin_code == 'secret' if current_user
end
So I could use if admin? in my view files to display certain things only to admins. Now I want to write a before_filter that checks if the current_user is an admin and if not, redirects.
It seems to me that I have to write another method to do this. For view files, I want the method to return false if the user isn't an admin, and for the before_filter, I want it to redirect.
Still, something tells me that this isn't the most efficient way to do this. Since I'm learning Rails, I don't want to develop any bad habits of writing code that isn't DRY. Any ideas on how to best handle this situation?
I would make admin? an instance method of the User model. I think it belongs there because you're actually asking for information about a user object.
Then, for the before_filter, I would do something like this:
before_filter :admin_or_redirect
def admin_or_redirect
redirect_to some_url if !current_user.admin?
end
Then you can still call admin? in your views on #user (which you assign current_user to in your controller), and have a different behavior for your before_filter.
EDIT:
You also want to change your admin? method like this:
class User < ActiveRecord::Base
...
def admin?
self.admin_code == 'secret'
end
end
I use MongoDB as a database in my Rails application with MongoID gem. I want to call the helper method from the model within after_create callback method. How is it possible?My model code is:
class Department
include ApplicationHelper
after_create :create_news
private
def create_news
#user = ApplicationHelper.get_current_users
end
end
And my helper code is:
module ApplicationHelper
def get_current_users
current_user
end
end
When I create new department then following error occur.
undefined method `get_current_users' for ApplicationHelper:Module
How to remove error? Thanks in advance.
I also use mongoid and use this all the time. Shouldn't be unique to mongoid though.
ApplicationController.helpers.my_helper_method
If you want a helper method that you can use in your views to return the current user, you can do so in your ApplicationController, something like this for example:
private
def current_user
#current_user ||= User.find(session[:user_id]) if session[:user_id]
end
helper_method :current_user
Then you can use this in any view.
If you want some arbitrary method in a model to know what user it's dealing with, pass #current_user in as an argument to the method when you call it in your controller.
Your code seems incomplete so I can't really see what you're trying to accomplish, but this is pretty standard practice.
Make sure the module file is named properly, meaning in your case application_helper.rb and it's located on the helpers library.
You can also try to include the helper in the ApplicationController (app/controller/application_controller.rb).
I was attempting to start a test to confirm that a user can only modify an object if current_user.id and model.user_id match.
I feel like this is a validation from the model. So I might write something like:
class UserLocked < ActiveModel::Validator
def validate(record)
unless record.user_id == current_user.id
record.errors[:name] << "Sorry you cannot modify something that is not your's"
end
end
end
Which might be ok... (is there a centralized place I can put this? do I need to do anything special to reference it then?)
Writing a test for that isn't too bad either; however, I also need to prevent the controller from displaying the form to edit form. Should I be creating a separate view or just make it part of the edit page? How can I write a test for this for this in rspec...
I might be over thinking this, but I am trying to figure out what everyone else is doing. An example would be great! I've done this before in other languages/frameworks, but I am trying to "do things the right way."
Thanks!
Authorization belongs in the controller and not in the model. So you could implement a before_filter like this:
class UsersController < ApplicationController
before_filter :correct_user, only: [:edit, :update]
...
private
def correct_user
#user = User.find(params[:id])
redirect_to root_path unless current_user? #user
end
end
Of course you would need some sort a method to detect who the current user is.
You could test this with a request spec, using RSpec & Capybara. The logic is simple: you login with a user and expect that when trying to edit the info of another user you get an error message displayed. Otherwise the relevant form fields should be displayed.
For an example see http://ruby.railstutorial.org/chapters/updating-showing-and-deleting-users#code:edit_update_wrong_user_tests
My question is about controller methods (possibly included from an outside class) that work with instance variables. I frequently use a before_filter in controllers to set up certain variables, e.g.:
class DocumentController < ApplicationController
before_filter :fetch_document
def action
#document.do_something
end
private
def fetch_document
#document = Document.find(params[:id])
end
end
I've been working on a project in which a few controllers will share some functionality, say, document editing. My first thought was to extract the relevant methods, and get them from application_controller.rb or a separate module. But then I noticed I was writing code that looks like this:
def fetch_document
#document = Document.find(params[:id])
end
def do_something_to_document
#document.do_something
end
This sets off warning bells: do_something_to_document is essentially assuming the existence of #document, rather than taking it as an argument. Is this, in your sage opinions, a bad coding practice? Or am I being paranoid?
Assuming it is an issue, I see two general approaches to deal with it:
Check for the instance var and bail unless it's set:
def do_something_to_document
raise "no doc!" unless #document
[...]
end
Call the action with the instance var as an argument:
def do_something_to_document(document)
[...]
end
2 looks better, because it hides the context of the calling object. But do_something_to_doc will only be called by controllers that have already set up #document, and taking #document as a method argument incurs the overhead of object creation. (Right?) 1 seems hackish, but should cover all of the cases.
I'm inclined to go with 1 (assuming I'm right about the performance issue), even though seeing a list of methods referencing mysterious instance vars gives me hives. Thoughts? Let me know if I can be more clear. (And of course, if this is answered somewhere I didn't see it, just point me in the right direction...)
Thanks,
-Erik
If you really need document in different controllers, I'd do something like this:
class ApplicationController < ActionController::Base
private
def document
#document ||= Document.find(params[:document_id])
end
end
class FooController < ApplicationController
before_filter :ensure_document, :only => [:foo]
def foo
document.do_something
end
private
# TODO: not sure if controller_name/action_name still exists
def ensure_document
raise "#{controller_name}##{action_name} needs a document" unless document
end
end
As #variable are session/instance variable you will get a Nil exception in do_something_to_document method.
The first code is fine, because before_filter will always load your #document.
I suggest you to write something like that
def fetch_document(doc_id)
#document ||= Document.find(doc_id)
end
def do_something_to_document
my_doc = fetch_document(params[:id])
end
where do_something_to_document is in the controller (if not, dont use params[:id], even if you know you can access this global, use another explicit parameter). The ||= thing, will asssure that you call the base only once by request.
I have several controllers that require a correct user for their edit/update/delete actions. What is the Rails-way to accomplish the following:
Currently, in each controller I have the following code:
class FooController < ApplicationController
before_filter :correct_user, :only => [:edit, :update, :destroy]
# normal controller code
private
def correct_user
#foo = Foo.find params[:id]
redirect_to some_path unless current_user == #foo.user
end
end
I have similar code in 3 controllers. I started to bring it out to a helper like this:
module ApplicationHelper
def correct_user( object, path )
if object.respond_to? :user
redirect_to path unless object.user == current_user
end
end
But I'm wondering if this is a good way to do it. What's the accepted way to solve this?
Thank you
EDIT
The correct user check here is because I want to make sure it's only the author who can make edits/deltes to each of the objects.
To clarify, the objects would be things like Questions and Posts. I don't want to use something like CanCan as it's overkill for something simple like this.
I really like using RyanB's CanCan, which allows you to both restrict access to actions based on the user, and centralize such authorization into basically a single file.
CanCan on GitHub: https://github.com/ryanb/cancan
Screencast explaining how to setup/use it: http://railscasts.com/episodes/192-authorization-with-cancan
EDIT
No problem. I hear you on CanCan - it takes a little while to get up and running on it, but it's designed to do exactly what you're asking - per object authorization.
Alternative:
Another way to do this is move your authoriship/current_user check to the ApplicationController class, from which all of your other Controllers inherit (so they will get that code through inheritance - and you don't need to write the same code in multiple Controllers), and it would look something like...
class ApplicationController < ActionController::Base
...
helper_method :correct_user
private
def correct_user( object, path )
redirect_to path unless object.user == current_user
end
end
You should do the following :
def edit
#foo = current_user.foos.find(params[:id])
end
This way, only if the current user is the owner of the Foo he will be able to see it.