I'm trying to allow users to change their email addresses which devise uses as their unique username. Even though the update gives no errors, no change is made to the email address for the user in the database.
Here are the relevant portions of code:
Form:
<%= f.fields_for :user_account, #user.user_account do |user_account| %>
<p>Edit email address for account: <%= #user.user_account.email %></p>
<div class="field">
<%= user_account.label :new_email %><br />
<%= user_account.text_field :email, autocomplete: "off", value: nil %>
</div>
<div class="field">
<%= user_account.label :password %> <i>(please confirm the password associated with this account)</i><br />
<%= user_account.password_field :current_password, autocomplete: "off" %>
</div>
<%= hidden_field_tag 'form', 'email' %>
<div class="actions">
<%= user_account.submit "Edit" %>
</div>
controller:
def update
respond_to do |format|
if params[:form] == 'email'
if #user.user_account.valid_password?(params[:user][:user_account_attributes][:current_password])
if #user.update(user_params)
format.html { redirect_to user_path(#user), :notice => 'your new email has been saved' }
format.json { render :show, status: :ok, location: #user }
else
format.html { render :edit }
format.json { render json: #user.errors, status: :unprocessable_entity }
end
else
format.html { redirect_to edit_email_path(#user), :notice => 'incorrect password (email)' }
end
else ...
the user_params method:
def user_params
params.require(:user).permit(
:first_name, :middle_initial, :last_name,
:linkedin, :website, :facebook, :video, :phone_number,
:address_1, :address_2, :city, :zip_code,
:image, :number, :years_practicing, :neighborhood, :biography, :price, :status,
user_employments_attributes: [:id, :user_id, :company, :position, :start_date, :end_date, :info, :_destroy],
user_educations_attributes: [:id, :user_id, :school, :degree_title, :start_date, :end_date, :info, :_destroy],
user_account_attributes: [:id, :user_id, :email, :password, :password_confirmation, :_destroy],
user_category_ids:[])
end
user account model:
class UserAccount < ActiveRecord::Base
# Include default devise modules. Others available are:
# , :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable
belongs_to :user
end
Ok, so it turns out that the new email address was being saved as :unconfirmed_email, but this did not change any of the functionality of the linked account, since the account still had the old email stored as :email.
Thus I had to do
user.confirmed_at = nil
user.save(:validate => false)
in order for the user confirmation email to be resent and so that the login form would no longer accept the old password.
I am not sure, but I think, in your user model there should be
accepts_nested_attributes_for :user_account
Related
I am trying to create a page within my application that shows all listings from a specific user. I am using Devise gem for my users. i do not need/want authentication, therefore the page should be open the the general public. I have already created a "Seller" page where a seller can manage their own listings. so how can I create a link on each listing on my homepage that connects the
<p><%= "Sold by #{listing.user.name}" %></p>
the new show page for that user? thanks!
my listings_controller:
class ListingsController < ApplicationController
before_action :set_listing, only: [:show, :edit, :update, :destroy]
before_filter :authenticate_user!, only: [:seller, :new, :create, :edit, :update, :destroy]
before_filter :check_user, only: [:edit, :update, :destroy]
def seller
#listings = Listing.where(user: current_user).order("created_at DESC")
end
# GET /listings
# GET /listings.json
def index
if params[:category].blank?
#listings = Listing.all.order("created_at DESC").paginate(:page => params[:page], :per_page => 16)
else
#category_id = Category.find_by(name: params[:category]).id
#listings = Listing.where(category_id: #category_id).order("created_at DESC").paginate(:page => params[:page], :per_page => 16)
end
end
# GET /listings/1
# GET /listings/1.json
def show
end
# GET /listings/new
def new
#listing = Listing.new
end
# GET /listings/1/edit
def edit
end
# POST /listings
# POST /listings.json
def create
#listing = Listing.new(listing_params)
#listing.user_id = current_user.id
if current_user.recipient.blank?
Stripe.api_key = ENV["STRIPE_API_KEY"]
token = params[:stripeToken]
recipient = Stripe::Recipient.create(
:name => current_user.name,
:type => "individual",
:bank_account => token
)
current_user.recipient = recipient.id
current_user.save
end
respond_to do |format|
if #listing.save
format.html { redirect_to #listing, notice: 'Listing was successfully created.' }
format.json { render :show, status: :created, location: #listing }
else
format.html { render :new }
format.json { render json: #listing.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /listings/1
# PATCH/PUT /listings/1.json
def update
respond_to do |format|
if #listing.update(listing_params)
format.html { redirect_to #listing, notice: 'Listing was successfully updated.' }
format.json { render :show, status: :ok, location: #listing }
else
format.html { render :edit }
format.json { render json: #listing.errors, status: :unprocessable_entity }
end
end
end
# DELETE /listings/1
# DELETE /listings/1.json
def destroy
#listing.destroy
respond_to do |format|
format.html { redirect_to listings_url, notice: 'Listing was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_listing
#listing = Listing.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def listing_params
params.require(:listing).permit(:name, :category_id, :description, :price, :image)
end
def check_user
if current_user != #listing.user
redirect_to root_url, alert: "Sorry, this listing belongs to someone else"
end
end
end
my current routes:
Rails.application.routes.draw do
mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
resources :categories
devise_for :users
resources :listings do
resources :orders, only: [:new, :create]
end
get 'pages/about'
get 'pages/contact'
get 'seller' => "listings#seller"
get 'sales' => "orders#sales"
get 'purchases' => "orders#purchases"
# or
root 'listings#index'
end
and finally, my listing model:
class Listing < ActiveRecord::Base
if Rails.env.development?
has_attached_file :image, :styles => { :medium => "200x", :thumb => "100x100>" }, :default_url => "404.jpg"
else
has_attached_file :image, :styles => { :medium => "200x", :thumb => "100x100>" }, :default_url => "404.jpg",
:storage => :dropbox,
:dropbox_credentials => Rails.root.join("config/dropbox.yml"),
:path => ":style/:id_:filename"
end
validates_attachment_content_type :image, :content_type => /\Aimage\/.*\Z/
validates :name, :category_id, :description, :price, presence: true
validates :price, numericality: { greater_than: 0}
validates_attachment_presence :image
belongs_to :user
belongs_to :category
has_many :orders
end
my index page where I want to link to the seller specific page
<div class="center">
<div class="row">
<% #listings.each do |listing| %>
<div class="col-md-3">
<div class="thumbnail">
<%= link_to image_tag(listing.image.url), listing %>
<div class="caption">
<h3><%= listing.name %></h3>
<p><%= number_to_currency(listing.price) %></p>
<p><%= "Sold by #{listing.user.name}" %></p>
</div>
</div>
</div>
<% end %>
</div>
</div>
<br>
<div class="center">
<%= will_paginate #posts, renderer: BootstrapPagination::Rails %>
</div>
<% if user_signed_in? %>
<div class="right">
<%= link_to new_listing_path, class: "btn btn-primary", data: { no_turbolink: true } do %>
<i class="glyphicon glyphicon-plus"></i> New Listing
<% end %>
</div>
<% end %>
<br>
'User' is a model that you have created: devise only manages sessions, registrations, passwords, unlocks, and confirmations (the gem provides a controller for each one of these).
You should create your own UsersController, in which you can define the show action that you need. You should also declare a different path in your routes, or you'd have a conflict as '/users' is already used by devise. Something like
resources :users, only: [:show], path: 'sellers'
Then you can use
<p><%= "Sold by #{link_to listing.user.name, user_path(listing.user)}" %></p>
I've always had trouble with has_many :through relationships on join tables and am stuck again on where I'm going wrong. I think it might be in my controller as I'm still getting to grips with how it all works.
I have three models:
class Role < ActiveRecord::Base
has_many :assignments, inverse_of: :role
has_many :employees, :through => :assignments
accepts_nested_attributes_for :assignments
end
class Employee < ActiveRecord::Base
has_many :assignments, inverse_of: :employee
has_many :roles, :through => :assignments
accepts_nested_attributes_for :assignments
end
class Assignment < ActiveRecord::Base
belongs_to :employee, inverse_of: :assignment
belongs_to :role, inverse_of: :assignment
accepts_nested_attributes_for :employee
accepts_nested_attributes_for :role
end
I'd like to be able to set the pre-created role for an employee when creating or editing an employee. My New Employee form is as follows:
<%= semantic_form_for #employee do |f| %>
<%= render 'shared/error_messages' %>
<%= f.inputs do %>
<%= f.input :first_name %>
<%= f.input :last_name %>
<%= f.input :email %>
<%= f.input :password %>
<%= f.input :password_confirmation %>
<%= semantic_fields_for :roles do |role| %>
<%= role.input :role, :as => :select, :collection => Role.all %>
<%= role.semantic_fields_for :assignments do |assignment| %>
<%= assignment.input :start_date, :as => :date_select %>
<%= assignment.input :end_date, :as => :date_select %>
<%= assignment.input :assignment_no %>
<%= assignment.input :assignment_id %>
<% end %>
<% end %>
<% end %>
<%= f.actions do %>
<%= f.action :submit, :as => :button %>
<%= f.action :cancel, :as => :link %>
<% end %>
<% end %>
and finally my Employee Controller is:
class EmployeesController < ApplicationController
before_action :set_employee, only: [:show, :edit, :update, :destroy]
def index
#employees = Employee.paginate(page: params[:page])
end
def show
end
def new
#employee = Employee.new
role = #employee.roles.build
end
def edit
#employee = Employee.find(params[:id])
end
def create
#employee = Employee.new(employee_params)
if #employee.save
#employee.send_activation_email
flash[:info] = "Please check your email to activate your account."
redirect_to root_url
else
render 'new'
end
end
def update
respond_to do |format|
if #employee.update(employee_params)
flash[:success] = "Profile updated"
format.html { redirect_to #employee, notice: 'Employee was successfully updated.' }
format.json { render :show, status: :ok, location: #employee }
else
format.html { render :edit }
format.json { render json: #employee.errors, status: :unprocessable_entity }
end
end
end
def destroy
Employee.find(params[:id]).destroy
flash[:success] = "Employee deleted"
respond_to do |format|
format.html { redirect_to employees_url, notice: 'Employee was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_employee
#employee = Employee.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def employee_params
params.require(:employee).permit(:avatar, :email, :first_name, :last_name, :password, :assignments_attributes => [:employee_id, :role_id, :roles_attributes => [:id, :employee_id, :PID]])
end
end
I appreciate that this subject is always on Stackoverflow, but I can't seem to translate any of the problems into where I am. Any help would be greatly appreciated!
The console output is as follows:
Started POST "/employees" for 127.0.0.1 at 2015-05-16 18:05:34 +0200
source=rack-timeout id=d5933405c94d9c2e8bca3332564528ec timeout=60000ms service=25ms state=active
Processing by EmployeesController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"TgHHELkt2zXUtS474WwGeHcmfKKw/broHxRdhlsF1P4JyGoa+03rchb6mfxbOSXKdrPgcJMeBCyIlCMHqPlQBA==", "employee"=>{"first_name"=>"John", "last_name"=>"Smith", "email"=>"john#smith.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "roles"=>{"role"=>"2", "assignments"=>{"start_date(1i)"=>"2012", "start_date(2i)"=>"7", "start_date(3i)"=>"5", "end_date(1i)"=>"2016", "end_date(2i)"=>"3", "end_date(3i)"=>"1", "assignment_no"=>"4", "assignment_id"=>"A3392822"}}, "button"=>""}
Unpermitted parameter: password_confirmation
(0.2ms) BEGIN
source=rack-timeout id=d5933405c94d9c2e8bca3332564528ec timeout=60000ms service=1113ms state=active
SQL (70.3ms) INSERT INTO "employees" ("email", "first_name", "last_name", "password_digest", "created_at", "updated_at", "activation_digest") VALUES ($1, $2, $3, $4, $5, $6, $7) RETURNING "id" [["email", "john#smith.com"], ["first_name", "John"], ["last_name", "Smith"], ["password_digest", "$2a$10$g3PNppheVZ8AFnnKuWg6secBdGev0NlCXjUx.RXsky03Xl9L3CubO"], ["created_at", "2015-05-16 16:05:35.422312"], ["updated_at", "2015-05-16 16:05:35.422312"], ["activation_digest", "$2a$10$L0yFuvmlJon7fWod6lHj..O7yDRaqwqTlTkJgD7Evqx.dA4pDTlBC"]]
(133.0ms) COMMIT
(I'm working on a very slow computer!)
The problem:
When I'm editing the contents of a nested model, it saves new entries instead of editing the ones already there.
The models:
# job.rb
class Job < ActiveRecord::Base
# Relations
has_many :logs, :dependent => :destroy
accepts_nested_attributes_for :logs, allow_destroy: true, reject_if: proc { |a| a['user_id'].blank? }
end
# log.rb
class Log < ActiveRecord::Base
belongs_to :job
belongs_to :user
# a single user should not be logged more than once per job
validates :user_id, uniqueness: { scope: :job_id }
end
# user.rb
class User < ActiveRecord::Base
has_many :logs
validates_presence_of :name
def self.all_active
User.where( active: 1 )
end
end
The Job controller:
class JobsController < ApplicationController
before_action :set_job, only: [:show, :edit, :update, :destroy]
def index
#jobs = Job.all
end
def show
end
def new
#job = Job.new
10.times { #job.logs.build }
end
def edit
( #job.people - #job.logs.count ).times { #job.logs.build }
end
def create
#job = Job.new(job_params)
# Set the admin id
#job.logs.each do |log|
log.admin_id = current_admin.id
end
respond_to do |format|
if #job.save
format.html { redirect_to #job, notice: 'Job was successfully created.' }
format.json { render :show, status: :created, location: #job }
else
format.html { render :new }
format.json { render json: #job.errors, status: :unprocessable_entity }
end
end
end
def update
respond_to do |format|
if #job.update(job_params)
format.html { redirect_to #job, notice: 'Job was successfully updated.' }
format.json { render :show, status: :ok, location: #job }
else
format.html { render :edit }
format.json { render json: #job.errors, status: :unprocessable_entity }
end
end
end
def destroy
#job.destroy
respond_to do |format|
format.html { redirect_to jobs_url, notice: 'Job was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_job
#job = Job.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def job_params
params.require(:job).permit(:people, :logs_attributes => [:user_id])
end
end
The Job Form
<%= form_for(#job) do |f| %>
<% if #job.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#job.errors.count, "error") %> prohibited this job from being saved:</h2>
<ul>
<% #job.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div class="row">
<div class="small-3 columns"><%= f.label :people %></div>
<div class="small-9 columns"><%= f.integer :people %></div>
</div>
<table>
<%= f.fields_for :logs do |builder| %>
<%= render 'logs/form', { f: builder } %>
<% end %>
</table>
<div class="actions">
<%= f.submit %>
</div>
The Logs Partial:
<tr>
<td>
<%= f.label :user_id %><br>
<%= f.collection_select(:user_id, User.all_active, :id, :name, { :prompt => 'Select User' } ) %>
</td>
<td>
<%= f.label :performance %><br>
<%= f.number_field :performance %>
</td>
</tr>
Creating the job works fine. I then go to edit the entry. On the job edit screen, I see all of the logs included along with a few remaining blank log entry lines (due to the 10.times #logs.build in the Job controller).
Now, without editing anything, I click submit. I get the following error:
1 error prohibited this war from being saved:
Logs user has already been taken
Additionally, the original entries are shown, and then below them are the same exact entries duplicated, but "red" due to the error. The list of blank entries (from 10.times) is no longer showing.
However, from the editing screen, if I change ALL of the logs' users to something else, I will not get an error. It will instead create new entries with those newly-selected users instead of modifying the current entries.
I hope I've provided enough information to get this resolved! Thanks
So, it turns out that the problem was caused by not whitelisting the :id parameter of the log.
I altered my job_controller:
From:
def job_params
params.require(:job).permit(:people, :logs_attributes => [:user_id])
end
To:
def job_params
params.require(:job).permit(:people, :logs_attributes => [:id, :user_id])
end
That was what was causing the problem with validation! This may be too complex of q/a to help anyone, but hey, it just might!
Hi am working on sample app where I am using devise for authentication.
I am adding following extra parameters while registration.
:first_name, :last_name, :mobile, :gender, :address
But I am getting following Unpermitted parameters: first_name, last_name, password_confirmation error while registering new user.
I refereed following links
Add Custom Field/Column to Devise with Rails 4
http://www.jacopretorius.net/2014/03/adding-custom-fields-to-your-devise-user-model-in-rails-4.html
But it didn't worked. Here is not code set
user.rb
class User < ActiveRecord::Base
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
validates_confirmation_of :password, :only => :create
end
I also implemented same in application controller but it didn't worked so I created separate
registration controller.
registration_controller.rb
class RegistrationsController < Devise::RegistrationsController
before_filter :configure_permitted_parameters
protected
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) do |u|
u.permit(:first_name, :last_name, :mobile, :gender, :address, :email, :password, :password_confirmation)
end
devise_parameter_sanitizer.for(:account_update) do |u|
u.permit(:name,
:email, :password, :password_confirmation, :current_password)
end
end
end
application_controller.rb
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
private
def after_sign_in_path_for(resource)
user_landing_page
end
def user_landing_page
contact_us_path
end
end
devise/registration/new.html.haml
.container
.row
.col-sm-6.col-md-4.col-md-offset-4
%h1.text-center.login-title Create New Account
.account-wall
%img.profile-img{:alt => "", :src => "https://lh5.googleusercontent.com/-b0-k99FZlyE/AAAAAAAAAAI/AAAAAAAAAAA/eu7opA4byxI/photo.jpg?sz=120"}
= form_for(resource, as: resource_name, class: "form-signin input-medium", url: session_path(resource_name)) do |f|
= f.text_field :first_name, class: "form-control", placeholder: "First Name", autofocus: true
= f.text_field :last_name, class: "form-control", placeholder: "Last Name", autofocus: true
= f.email_field :email, class: "form-control", placeholder: "Email", autofocus: true
= f.password_field :password, class: "form-control", placeholder: "Password", autocomplete: "off"
= f.password_field :password_confirmation, class: "form-control", placeholder: "Confirm Password", autocomplete: "off"
= f.submit "Log in", class: "btn btn-lg btn-primary btn-block login-button"
development.log
Parameters: {"utf8"=>"✓", "authenticity_token"=>"pe7wBW3iWnn39p3nJAi8utbuECj+x8zX/pIxr/6sKbo=", "user"=>{"first_name"=>"first_name", "last_name"=>"last_name", "email"=>"admin#my.com", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Log in"}
Unpermitted parameters: first_name, last_name, password_confirmation
Rendered devise/sessions/new.html.haml within layouts/application (6.6ms)
Rendered layouts/_home_header.html.haml (1.2ms)
Completed 200 OK in 426ms (Views: 316.8ms | ActiveRecord: 0.0ms)
routes.rb
Rails.application.routes.draw do
root :to => 'landing#index'
devise_for :users, :controllers => {:registrations => "registrations"}
get '/about_us' => 'statics#about_us', as: :about_us
get '/contact_us' => 'statics#contact_us', as: :contact_us
end
can any one suggest what I am missing.
I am using Rails 4.1.4, ruby 2.1.2 and devise 3.4.1.
As per my understanding, you are registering new user. Here is your mistake
= form_for(resource, as: resource_name, class: "form-signin input-medium", url: session_path(resource_name)) do |f|
you are using session_path that means you are going to "Log In" not for "Sign Up". So change it
= form_for(resource, as: resource_name, class: "form-signin input-medium", url: registration_path(resource_name)) do |f|
I got a NoMethodError when i called <%= #post.admin_user.name %>, don't know how to fix it.
Extracted source (around line #4):
<h1><%= #post.title %></h1>
<p><%= #post.body %></p>
<small>Post created at <%= #post.created_at.strftime('%b %d. %Y') %></small><br/><br/>
<%= #post.admin_user.name %>
<p>Category: <%= link_to #post.category.name, category_path(#post.category.id) %></p>
<%= link_to 'Edit Post', edit_post_path %> | <%= link_to 'Go Back', posts_path %> | <%= link_to 'Delete Post', #post, :confirm => "Don't do it man!", :method => :delete %>
</div>
Showing c:/Sites/blog/app/views/posts/show.html.erb where line #5 raised:
undefined method `name' for nil:NilClass
This is my posts_controller.rb
class PostsController < ApplicationController
def index
#post = Post.all
end
def new
#post = Post.new
#category = Category.all
end
def create
#post = Post.new(post_params)
if #post.save
redirect_to posts_path, :notice => 'Your post has been posted!'
else
render 'new'
end
end
def post_params
params.require(:post).permit(:title, :body, :category_id, :admin_user_id, :admin_user, :name)
end
def edit
#post = Post.find(params[:id])
end
def update
#post = Post.find(params[:id])
if #post.update_attributes(post_params)
redirect_to post_path, :notice => 'Your post has been updated.'
else
render 'new'
end
end
def show
#post = Post.find(params[:id])
#user = AdminUser.all
end
def destroy
#post = Post.find(params[:id])
#post.destroy
redirect_to posts_path, :notice => 'Your post has been deleted.'
end
end
This is my post.rb
class Post < ActiveRecord::Base
belongs_to :category
belongs_to :admin_user
end
My admin_user.rd
class AdminUser < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,
:recoverable, :rememberable, :trackable, :validatable
has_many :posts
end