Do you know - can declarative_authorization control access to namespace'd resources or not? I've tried something like
has_permission_on [:admin, :users], :to => [:index, :show, :new, :create, :edit, :update, :destroy, :search]
but it's not working :( any ideas on this?
This will work:
has_permission_on :admin_users, :to => [:index, :show, :new, :create, :edit, :update, :destroy, :search]
declarative_authorization prefixes the resource name with the namespace as [:admin, :users] could also mean that the user has permission on the admin_controller and the users_controller.
Related
I am creating a Task Manager.
So, I have:
A dashboard where I can do CRUD for tasks (and then I will assign them a group)
A group section where I can go inside a group and do CRUD for tasks
Then my routes would look something like this:
Rails.application.routes.draw do
devise_for :users
namespace :api, defaults: { format: :json } do
namespace :v1 do
resources :groups, only: [ :index, :show, :create, :update, :destroy] do
member do
resources :tasks, only: [:index, :show, :create, :update, :destroy]
end
end
resources :tasks, only: [:index, :show, :create, :update, :destroy]
end
end
end
For this:
A dashboard where I can do CRUD for tasks (and then I will assign them a group)
resources :tasks, only: [:index, :show, :create, :update, :destroy]
And for this:
A group section where I can go inside a group and do CRUD for tasks
resources :groups, only: [ :index, :show, :create, :update, :destroy] do
member do
resources :tasks, only: [:index, :show, :create, :update, :destroy]
end
end
But I feel this is duplicating routes. I have 2 questions:
Is this the right approach or would there be a better way to solve it?
If I go with this, how would I approach the controller actions? Since in one situation (2) we would get the params[:group_id] but in the other I would need to add it as strong_params. Would an if-else condition work? (if there is no [:group_id] in strong_params then take the params[:group_id])
Thanks!
Is this the right approach or would there be a better way to solve it?
No. Not really.
Deeply nested routes quickly become cumbersome to work with so you should consider using shallow nesting. This only nests the collection routes (index, new, create) and not the member routes (show, edit, update, destroy).
If tasks have a unique id you should be able to show, edit, update and destroy them without the group being involved. The exception to this rule is if tasks are only unique per group (but why?).
In an API this is especially true. The backend shouldn't need to know that you're modifying the resource from page X or Y in your frontend application.
You can use the shallow: true option to generate shallow routes but I would probally just define it as:
# This respresents tasks not nested in a group
resources :tasks, only: [:index, :show, :create, :update, :destroy]
resources :groups, only: [:index, :show, :create, :update, :destroy] do
resources :tasks, only: [:index, :create]
end
If I go with this, how would I approach the controller actions?
There are really two different approaches here. One I call the "param sniffing method":
module API
module V1
class TasksController
# GET /api/v1/groups/1/tasks
# GET /api/v1/tasks
def index
if params[:group_id]
render json: Group.find(params[:group_id]).tasks
else
render json: Task.all
end
end
end
end
end
This is the most obvious solution but blatantly violates the Single Responsibity Principle and increases the cyclic complexity of all the methods.
The other solution is to route the nested representation of the resource to a separate controller:
# This respresents tasks not nested in a group
resources :tasks, only: [:index, :show, :create, :update, :destroy]
resources :groups, only: [ :index, :show, :create, :update, :destroy] do
resources :tasks, only: [:index, :create], module: :groups
end
This routes the /groups/:group_id/tasks routes into API::V1::Groups::TasksController.
module API
module V1
class TasksController
# GET /api/v1/tasks
def index
render json: Task.all
end
end
end
end
module API
module V1
module Groups
class TasksController
before_action :set_group
# GET /api/v1/groups/1/tasks
def index
render json: #group.tasks
end
private
def set_group
#group = Group.find(params[:group_id])
end
end
end
end
end
You could also just do resources :tasks, only: [:index, :create], controller: :group_tasks if you want to avoid nesting the contants one more step.
I have the following routes
resources :eclubs, except: [:show]
namespace :eclubs do
resources :leaders, only: [:index, :show, :new, :create, :destroy]
resources :members, only: [:index, :show, :new, :create, :destroy]
end
However, /eclubs/members does not routes to the index action of the Eclubs::Members controller. Instead it routes to the show action of the Eclubs controller. How do I fix this?
Because it is declared first, the Eclubs controller is being given precedence over the Eclubs::Members. Instead declare the Eclubs controller's routes last e.g.
namespace :eclubs do
resources :leaders, only: [:index, :show, :new, :create, :destroy]
resources :members, only: [:index, :show, :new, :create, :destroy]
end
resources :eclubs, except: [:show]
I am using devise and therefore do not need a users controller.However, i also need nested routes and my config.routes looks like this;
devise_for :admin_users, ActiveAdmin::Devise.config
ActiveAdmin.routes(self)
devise_for :users
resources :users do
resources :personal_accounts,path: "user_account", only: [:show] do
resources :deposits, only: [:new, :show, :create, :index]
resources :withdraws, only: [:new, :show, :create, :index]
end
resources :businesses do
resources :business_accounts, path: "business_account", only: [:show] do
resources :business_withdraws, only: [:new, :show, :create, :index]
resources :business_deposits, only: [:new, :show, :create, :index]
end
end
end
How can i go past this error while also maintaining my nested routes.
Thank you.
You have three levels of nested routes there, which is normally considered to be undesirable: http://edgeguides.rubyonrails.org/routing.html#nested-resources
Resources should never be nested more than 1 level deep.
This bit resources :users do will create all the named routes for the users controller, which I suspect is where your error comes from. Why do you need this? Better perhaps to specify the routes without it?
resources :personal_accounts,path: "user_account", only: [:show] do
resources :deposits, only: [:new, :show, :create, :index]
resources :withdraws, only: [:new, :show, :create, :index]
end
I have two controllers dashboard and posts. Im trying to put the post's :new, :create, :destroy, :edit, :update actions within dashboard url like this dashboard/posts/new. But the im talking to the new action in the posts controller. Not in the dash controller. Here's my routes.rb file :
resources :posts, :except => [:new, :create, :destroy, :edit, :update]
get 'dashboard', to: 'dash#show'
namespace :dashboard do
resources :posts, :only => [:new, :create, :destroy, :edit, :update]
end
get 'dashboard/posts', to: 'dash#posts'
The two controllers in question are : dash and posts
Now when I try to visit http://localhost:3000/dashboard/posts/new it says :
ActionController::RoutingError at /dashboard/posts/new
uninitialized constant Dashboard
How to fix this?
Assuming that you have two controllers DashController and PostsController.
And you want to access few of the posts routes within the scope of namespace then you can define the routes as below:
resources :posts, :only => [:index, :show]
get 'dashboard', to: 'dash#show'
scope :dashboard do
resources :posts, controller: :posts ,:only => [:new, :create, :destroy, :edit, :update]
end
get 'dashboard/posts', to: 'dash#posts'
The constant "Dashboard" can't be found. I think the problem is that you sometimes use dash and sometimes use dashboard.
I have a resource defined in my routes file as follows:
resources :accounts, :only => [:show, :new, :edit, :create, :update], :member => {
:profile_avatar => :get
}
In turn, in my accounts#show view I have the following code:
<%= image_tag(profile_avatar_account_path(#account, :jpg), :alt => "#{#account.username}", :title => "#{#account.username}") %>
When pulling up the page I get the following error in my production log:
ActionView::Template::Error (undefined method `profile_avatar_account_path' for #<#<Class:0x7f3fdb166260>:0x7f3fdb7bc4e8>):
Does rails 3.0 not support member anymore or is there a different way of doing this?
Thank you,
Brian
It should be
resources :accounts, :only => [:show, :new, :edit, :create, :update] do
member do
get 'profile_avatar'
end
# or
get 'profile_avatar', :on => :member
end
Try:
resources :accounts, :only => [:show, :new, :edit, :create, :update] do
get => 'profile_avatar', :on => :member
end
resources :accounts, :only => [:show, :new, :edit, :create, :update] do
member do
get :profile_avatar
end
end