I have a user model and inside active admin i have written like
ActiveAdmin.register User do
controller do
def permitted_params
params.require(:user).permit(:username,:email,:password,:password_confirmation,
:admin, :locked, :first_name, :last_name, :work_phone, :cell_phone,
:cell_carrier, :fax, :temp_password,
:active, :company_id, :group_id, role_ids:[])
end
def create
#user = User.new(params[:user])
if #user.save
redirect_to admin_users_path
else
render :new
end
end
end
end
But when ever i am trying to create the user its showing an error like. ActiveModel::ForbiddenAttributesError - ActiveModel::ForbiddenAttributesError:
What i am doing wrong ?
Inherited Resources is a little weird with permitted params. You don't actually get to require key. You have to pass a hash to the permit method.
If you're using the latest version of ActiveAdmin, you should also be able to use the permit_params method.
ActiveAdmin.register User do
permit_params :username, :email, :password, :password_confirmation,
:admin, :locked, :first_name, :last_name, :work_phone, :cell_phone,
:cell_carrier, :fax, :temp_password,
:active, :company_id, :group_id, role_ids:[]
end
end
Also, if you are going to override the create method, you must use permitted_params in place of params[:user], which is most likely the cause of the current error you're getting. It doesn't look like you're actually doing anything special in your custom create action, though, so unless you plan to do something more, you should probably just let ActiveAdmin handle the controller actions.
Related
I am really new to rails and i encountered this problem,
so I am using Devise for the authentication, the problem is I have created a separate HTML page file for user to edit their information, and I was wondering how to use it on Devise to update the users' information.
Thank you very much!
You can define the resource and resource_name variables used by Devise, which aren't initialized from outside a "custom" Devise controller and this way use them as in every form, in any controller.
You can add them to your app/helpers/application_helper.rb to make them be available for the most of your views:
module ApplicationHelper
def resource_name
:user
end
def resource
#resource ||= User.new
end
def devise_mapping
#devise_mapping ||= Devise.mappings[:user]
end
end
Or in the case you don't think is needed to use the helper "way", then you can pass the resource_name in your form_for and in your definedurl` option, like:
<%= form_for :user, url: session_path(:user) do |f| %>
...
<% end %>
I’m using Rails 4.2.4. In my controller I have this
def update
#user = current_user
if #user.save_with_address(user_params)
…
end
private
def user_params
params.require(:user).permit(:first_name, :last_name, :dob, :address, :automatic_import)
end
and in my model (based on my “users” table in which I have a “users.address_id” column), I have this
class User < ActiveRecord::Base
belongs_to :address
attr_accessor :address
but when I submit my form to my “update” method (shown above) with the following data
Parameters: {"utf8"=>"✓", "authenticity_token"=>”tjLutbCuZUmLImSRnoRUCtcG8O0u070YixqjnMm5hmAZhn94fFte4jpWgB4hoOstiP9vJTj/c081EJ8NYnbMvg==", "user"=>{"first_name"=>"D.", "last_name"=>”LastName”, "dob(2i)"=>"", "dob(3i)"=>"", "dob(1i)"=>"", "address"=>{"city"=>"golden", "state"=>"3547", "country"=>"0"}, "automatic_import"=>"0"}, "commit"=>"Save", "id"=>"1"}
I get a “Unpermitted parameter: address” message when my “user_params” function is called and my address object isn’t saved as part of my user object. What do I need to structure differently to avoid this?
Since address is a hash you have to specify all its individual fields.
params.require(:user).permit(:first_name, :last_name, address: [:city, :state, :country])
I went off the Devise Page so that users can change their password inside ActiveAdmin. The method 3 doesn't work as is, so I had to modify it a bit for ActiveAdmin
ActiveAdmin.register_page 'UserPassword' do
def user_params
params.required(:user).permit(:password, :password_confirmation)
end
page_action :update_password, method: :post do
#user = AdminUser.find(current_admin_user.id)
if #user.update(params.required(:user).permit(:password, :password_confirmation))
# Sign in the user by passing validation in case their password changed
sign_in #user, :bypass => true
redirect_to admin_root_path, notice: "Your password was changed"
else
redirect_to admin_userpassword_path, alert: "Your password couldn't be changed"
end
end
content do
render partial: 'edit', locals: {user: current_admin_user}
end
end
I had to change if #user.update(params.required(:user).permit(:password, :password_confirmation)) because if (#user.update(user_params)) would throw an error saying undefined local variable or method user_params
is the code I have listed above the correct approach to being able to let users change their passwords inside the ActiveAdmin layout?
I would register the User model as a resource in ActiveAdmin. Then you can use the form block to create a form, where the use can change the password.
ActiveAdmin.register User do
...
form do |f|
inputs 'Details' do
input :password
input :password_confirmation
end
actions
end
...
end
Currently my application is using devise and my users are required to enter a password when updating their profile.
I am working on implementing an additional field to my user's table which remembers their sidebar navigational preference (expanded or collapsed). For testing, I setup a boolean field called "menu_collapsed" which is set to "false" by default.
I am trying to have this value updated to "true" remotely when the user decides to condense the sidebar menu.
Index
<li><%= link_to('Toggle', toggle_menu_preference_user_path(#user), :method => :put) %></li>
Routes
resources :users do
member { put :toggle_menu_preference }
end
Users Controller
def toggle_menu_preference
#user = current_user
#user.menu_collapsed = !#user.menu_collapsed
#user.save
end
Application Controller
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :account_id, :account_name, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update).concat([:name])
end
When I click on the link, it will process the request but I hit a wall with Devise wanting the user to include their password.
Is there a way to by pass the requirement for a password just for this user attribute?
This seems to work like a charm!
Tested on local host as well as Heroku
Application Controller (added :menu_collapsed) to sanitizer
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) { |u| u.permit(:first_name, :last_name, :email, :account_id, :account_name, :password, :password_confirmation) }
devise_parameter_sanitizer.for(:account_update).concat([:name, :menu_collapsed])
end
Routes
resources :users do
member { put :toggle_menu_preference }
end
User Controller
def menu_preference
#user = current_user
#user.menu_collapsed = !#user.menu_collapsed
#user.save
if #user.menu_collapsed
render :nothing => true
else
render :nothing => true
end
end
View
<%= link_to menu_preference_user_path(current_user), id: "layout-condensed-toggle", remote: true do %>
<div class="iconset top-menu-toggle-dark"></div>
<% end %>
I can't understand why permit_params wont work with custom create action.
For example lets take basic AdminUser resource.
By default all is working fine. We have:
ActiveAdmin.register AdminUser do
permit_params :email, :password, :password_confirmation
form do |f|
f.inputs "Admin Details" do
f.input :email
f.input :password
f.input :password_confirmation
end
f.actions
end
end
But as soon we add custom create for some reasons permit_params wont work anymore.
ActiveAdmin.register AdminUser do
permit_params :email, :password, :password_confirmation
form do |f|
f.inputs "Admin Details" do
f.input :email
f.input :password
f.input :password_confirmation
end
f.actions
end
controller do
def create
AdminUser.create(params[:admin_user])
do_some_magic_stuff_here
redirect_to backend_admin_users_path, notice: 'Custom create'
end
end
end
I got error "ActiveModel::ForbiddenAttributesError" in line "AdminUser.create(params[:admin_user])"
Tried many possible solutions and only one worked for me, but i really don't like this:
def create
AdminUser.create(params[:admin_user].permit(:email, :password, :password_confirmation))
do_some_magic_stuff_here
redirect_to admin_admin_users_path, notice: 'Custom create'
end
I can't understand why i can't get to work default way as it should work:
def admin_user_params
params.require(:admin_user).permit(:email, :password, :password_confirmation)
end
Can someone explain me please what is happening here? Any nice way to have custom actions work with permit_params?
permit_params is just part of the AA DSL that defines a method called permitted_params, which in turn is called from the create and update actions. Try this:
permit_params :email, :password, :password_confirmation
controller do
def create
#admin_user = AdminUser.create(permitted_params)
do_some_magic_stuff_here
redirect_to backend_admin_users_path, notice: "Custom create"
end
end
permit_params is really just a simpler form of the old, but still valid way of enabling strong parameters:
controller do
def permitted_params
params.permit admin_user: [:email, :password, :password_confirmation]
end
end
Been struggling with the same problem here. The most strange thing is that it works on nitrous.io box but on my production server it doesn't. I've checked and I'm using the same rails 4.2.0 version.
Regards
Fak