Ryan (comment 41):
"Hackable" is a loaded word. In this case, we're talking about authenticated users modifying data that they shouldn't be able to modify.
If a user modifies her first name, it's not hacking, and first_name is something that would definitely go in attr_accessible. We don't care if she does it via the website, or curl, or anything else; if she's logged in, she can edit her name. So, you could say that it's okay for first_name to be "hackable".
However, if a user attempted to modify her admin status, that's definitely hacking. Even though she's logged in, she shouldn't be able to set her admin column from 0 to 1. Obviously, we wouldn't provide a way for her to do this via the website, but excluding the admin column from attr_accessible prevents her from doing it with curl or other utilities.
Make sense?
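A plain-Ruby illustration of the whitelist Ryan describes (an added example, not code from the episode or from Rails itself): it re-implements just enough of the Rails 2.x attr_accessible behaviour to show that an admin=1 key submitted alongside first_name is dropped when admin is not whitelisted. The User class, its first_name and admin columns, and the sample params are assumed for illustration.

```ruby
# Added example: a stand-in for ActiveRecord's attr_accessible whitelist so the
# behaviour can be run without Rails. Model, User and UnprotectedUser are
# hypothetical names chosen for this illustration.
class Model
  # Declares which attributes may be set by mass assignment; anything else
  # submitted is dropped (Rails 2.3 logs a warning about it). Without this
  # call there is no whitelist at all and every submitted key is written.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible_attributes
    @accessible
  end

  attr_reader :first_name, :admin

  def initialize(attrs = {})
    @admin = false            # column default, as in the users table
    self.attributes = attrs   # what User.new(params[:user]) does
  end

  # Mass assignment as triggered by new(params[:user]) or
  # update_attributes(params[:user]).
  def attributes=(attrs)
    allowed = self.class.accessible_attributes
    attrs.each do |key, value|
      next if allowed && !allowed.include?(key.to_s)
      instance_variable_set("@#{key}", value)
    end
  end
end

# No whitelist: every submitted column, admin included, is written.
class UnprotectedUser < Model
end

# The whitelist Ryan describes: the logged-in user may change her first
# name; admin is deliberately left out so it cannot be mass-assigned.
class User < Model
  attr_accessible :first_name
end

# Constructed sample params: a legitimate name change with an extra admin=1
# key in the same request, as curl could send it.
TAMPERED_PARAMS = { "first_name" => "Alice", "admin" => 1 }.freeze

def unprotected_user
  UnprotectedUser.new(TAMPERED_PARAMS)
end

def protected_user
  User.new(TAMPERED_PARAMS)
end

if __FILE__ == $0
  puts "no whitelist:    admin=#{unprotected_user.admin.inspect}"  # 1
  puts "attr_accessible: admin=#{protected_user.admin.inspect}"    # false
end
```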
How would I show the search box in my view, and what would the code be?
Oh... It does not work in the lib folder. In a controller it works OK.
For those who are having trouble seeing roles in your sign up, it's because you haven't populated your database with any roles.
So fire up your console (script/console) and enter
http://pastie.org/797950
You can use whatever names you want, but remember to change config/authorization_rules.rb files accordingly.
The for loop in the searches show action is going to be:
<% for product in @search.products do %>
Hello, many thanks for great screen cast!
Maybe someone could help with my problem. I have a model called wiw_user and an action detach mapped with "map.resource :wiw_users, :member => {:detach => :put}", but the link "link_to 'Detach', detach_wiw_users_path(wiw_user)" does not work; it reports that I have a nil when I didn't expect it! And that's true; however, wiw_user is not nil, and without passing the parameter the URL helper generates the correct URL.
Seems like the page on how to install mongoDB on OS X and set it to autostart no longer works :(
I will try the Homebrew recipe from @Mislav instead ;)
I kept getting an error in Rails 2.3.5: undefined method 'javascript' when trying to use the command:
<% javascript "prototype" %>
So instead I used:
http://gist.github.com/287391
I cannot understand why you wouldn't do a GET request instead. I mean, sure it will be a long query-string but that also means you could bookmark edit pages. If you keep track of certain products and update them daily that would be excellent.
Or is it really necessary with POST like you said?
+1,210,000,000 for recurring billing. Killer screencast.
Thanks Ryan! At times I feel like we work together. ;)
I watched it yesterday and was thinking it's trivial, useless and I will never use it. Or not soon.
And now it looks like it's the perfect solution for my today's problem at work. Man, how do you do it?
Awesome as ever. Perhaps someone would be kind enough to document f.error_messages in the API docs?
I think that the 2>&1 must be at the end, just before the final &. If you put it before the >> file, it doesn't seem to work.
Also, one should check the path for their rake. If you are using passenger, it could be /usr/local/bin/rake.
I've also added the --rakefile option, for precaution.
The complete line on my setup looks like this:
system "/usr/local/bin/rake #{task} #{args.join(' ')} --rakefile #{Rails.root}/Rakefile >> #{Rails.root}/log/rake.log 2>&1 &"
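An added check, not from the comment above, that runs both orderings of the redirections in that rake line through Ruby's system and reports which lines reached the log. A stand-in command replaces rake, and a temporary file replaces Rails.root/log/rake.log.

```ruby
# Added example: demonstrates why "2>&1" has to come after ">> file".
require "tmpdir"

# Stand-in for the rake task: one line on stdout, one on stderr.
NOISY_TASK = "sh -c 'echo out; echo err 1>&2'"

# Runs NOISY_TASK with the given redirection clause (LOG is replaced by the
# temp log path) and returns the lines that reached the log. The parent's
# stdout is pointed at /dev/null, so anything misrouted there is lost just as
# it would be for a backgrounded job; no trailing "&" is used here so the
# log is complete by the time it is read.
def log_lines_for(redirection)
  Dir.mktmpdir do |dir|
    log = File.join(dir, "rake.log")
    system("#{NOISY_TASK} #{redirection.sub('LOG', log)}", out: File::NULL)
    File.exist?(log) ? File.readlines(log, chomp: true) : []
  end
end

# ">> LOG 2>&1": stdout is sent to the log first, then stderr is pointed at
# stdout, which is already the log, so both lines are captured.
def correct_order
  log_lines_for(">> LOG 2>&1")
end

# "2>&1 >> LOG": stderr is pointed at stdout while stdout is still the
# parent's stream; only afterwards is stdout moved to the log, so the
# stderr line never reaches the file.
def wrong_order
  log_lines_for("2>&1 >> LOG")
end

if __FILE__ == $0
  p correct_order   # ["out", "err"]
  p wrong_order     # ["out"]
end
```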
einar, I have such an error too:
can't dump anonymous class Class (TypeError)
I fixed it. See http://d.hatena.ne.jp/milk1000cc/20091002/1254442030
It seems you need to move any code from initialize into the perform method of the job.
Error code:
class CrawlJob
  def initialize
    @agent = WWW::Mechanize.new   # stored on the job object, so it is serialised along with the job when it is enqueued
  end

  def perform
    ...
  end
end
True code:
class CrawlJob
  def perform
    @agent = WWW::Mechanize.new   # created only when the worker runs the job, so nothing unserialisable is enqueued
    ...
  end
end
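An added example, not the commenter's code, that reproduces the "can't dump anonymous class" TypeError with plain YAML, which is what Delayed::Job uses to store a job object in its handler column. An anonymous class stands in for the Mechanize agent, since an anonymous class is exactly what YAML refuses to serialise; the job class names are assumed.

```ruby
# Added example: the two job shapes from the comment above, serialised the
# way Delayed::Job serialises them (YAML.dump).
require "yaml"

# The "Error code" shape: the agent is created in initialize, so it is part
# of the job's state when the job is enqueued and dumped to YAML.
class EagerCrawlJob
  def initialize
    @agent = Class.new   # stand-in for WWW::Mechanize.new
  end

  def perform
    @agent
  end
end

# The "True code" shape: the job is dumped while still empty; the agent is
# only created inside the worker process when perform runs.
class LazyCrawlJob
  def perform
    @agent = Class.new   # stand-in for WWW::Mechanize.new
  end
end

# Returns :ok if the job can be enqueued (serialised), otherwise the error
# class that serialisation raised.
def enqueue_result(job)
  YAML.dump(job)
  :ok
rescue TypeError => e
  e.class
end

if __FILE__ == $0
  p enqueue_result(EagerCrawlJob.new)   # TypeError
  p enqueue_result(LazyCrawlJob.new)    # :ok
end
```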
Ryan,
Love the screencasts! Can I recommend you do one on an administrative tool like Typus (http://intraducibles.com/projects/typus) or something similar? I have used Typus for the first time recently and found it extremely helpful in getting up and running quickly. It does require some configuration of YAML files, but you also have the ability to override pretty much everything.
Keep up the good work! Thanks.
@Chris
I haven't tried it out, but theoretically you could have God monitor its own resource usage. As far as I can tell it just checks the memory and processor percentage using the pidfile, so you could set up a simple watch that transitions immediately to 'up' (since it's obviously running). Then have it monitor memory and cpu usage and notify you when they reach a certain level.
If you want it to restart automatically, you can set up god as a service in /etc/init.d and have god issue a restart command to itself.
Like I said, I haven't tested it, but I don't see why it wouldn't work.
Favorite episode to date! Thanks.
Fixed my problem:
I had to specify my nested model name as plural. The other website example I was reading was only a has_one example.
My nested model is called ChecklistItem
so in my top model I have:
attr_accessible :checklist_items_attributes
has_many :checklist_items
accepts_nested_attributes_for :checklist_items
I have left out my other attr_accessible params and other command options for simplicity.
Great episodes. I am quite new & have a small problem:
I used your nifty_scaffold which adds attr_accessible to the models which I think is then blocking access to the nested attributes.
I have found other web sites referencing this issue saying the solution is to add :modelname_attributes as a parameter to attr_accessible. I have changed modelname to the name of my model, but can't get this to work. I don't get an error, I just don't get my nested fields. Removing the attr_accessible call completely, it all works fine. Is the order of the code in the model important?
Any help appreciated.
You said the route would best be a GET and I agree; why not add :method => :get on the form to make it so?
Very nice episode, thanks a lot!
That's a great episode. Thanks a lot Ryan. It's very useful and perfect to put into practice on every Rails project or any project. I like Ruby more. Simple and elegant. Thanks again Ryan.
great episode, as usual :)
+1 for combination with Formtastic.
I love how you make the techniques in each screencast seem so simple, as in, "Why didn't I think of that!".
I think it inspires new guys like myself to sit back and look for a simple solution instead of over thinking a problem, which I tend to do all the time.
More times than not the solution is simple; it just takes a better understanding of the wonder that is rails!
Thanks for your work Ryan. I greatly appreciate it.
I can only get this to work with projects *created* using the latest version of Rails. The questions are never inserted into the database. It doesn't seem to matter that I have upgraded Rails. Does anyone know what I need to change in a project created with an older version to get this to work?
+1 for combination with Formtastic.
Thanks for your work!
Thanks for this screencast Ryan.
Hi Ryan
Thanks for this screencast. I am pointing out another general issue here. I am validating HTML at
http://validator.w3.org/check
I just added validates_presence_of :name in the survey model, and when I submit without a name I get the page with the error list as usual. When I validate its source I get an error, which is exactly:
document type does not allow element "div" here; missing one of "object", "ins", "del", "map", "button" start-tag
<div class="fieldWithErrors"><label for="survey_name">Name</label></div><b.....
Why does this happen? Is it an issue?
Thanks again
sijo
This is an excellent screencast. Keep up the good work Ryan. I will be using this in my upcoming RoR project.
Thanks for this screencast Ryan. This definitely enhances the functionality of episode #165. These casts on dealing with multiple edits, models, nested_attributes etc. are extremely helpful for a newbie like myself to wrap my head around these things.
Much appreciated,
Branden
I love Formtastic. Would be great if it were standard like Ryan's nifty generators.
+1 for combination with Formtastic.
This is awesome, I'd like to see this combined with Formtastic, thanks for the awesome screencast!
I am having a bit of trouble. I get an "unknown attribute:" error.
My new action creates one empty set of nested fields and this saves fine. When I edit the record, add a new set and save, I get the error. Any ideas? Newbie in trouble :( Also just for info, my models are tax_code and tax_rate with _ .
Thanks in Advance
If you want the code to keep on working, you have to add a currency code to the paypal_url function in the model, e.g.:
:currency_code => 'EUR'
What a post, thanks for your code
@Reza, @Javi, fixed, thanks!
@Rick, validations is something I still need to investigate further, but if I find the need I will consider doing a third part of this series which covers validations. Thanks for the suggestion.
@Ivan, I don't think observe field will work right out of the box with this due to the complexity nesting brings. However you can probably take a look at the generated JavaScript and modify it to work for you.
@Tony, I haven't tested it with Rails 3 yet, but I would guess much of this is still the same.
@Tom, I have yet to investigate polymorphic associations with this, but I'll consider doing an episode on it, thanks for bringing it up.
@mcansky, it should work in Rails 2.3.5, that is the version I'm using. Try downloading the full source code for this episode and see if that works for you. Then compare it to your code to find the difference.
@Matthew, I haven't tried it with HABTM associations and I'm not certain if accepts_nested_attributes_for works with it. I just recommend trying and seeing for yourself.
@Squiddhartha, the previous episode shows as much as one could do without JavaScript. The only major thing missing is the dynamic adding of records which requires JavaScript in order to insert HTML dynamically.
If you want to support it without JavaScript you'll have to handle adding records in a separate step, likely after the parent model is created.
@Dave, I'm not certain what you are referring to with the Populator gem. It works at a lower level than forms so this doesn't really apply there. It also doesn't use ActiveRecord so it can't make use of accepts_nested_attributes_for.
Can anybody help me? I always get
"unknown attribute: _destroy" when trying to delete a record.
What does #{Rails.env} do?
I'm curious about how to use Ryan's Populator plug-in with this... and polymorphic associations. I have something sorta working but it seems hacky and brittle.
@Tom, check out Ryan's noted update on Episode 75 for validation of nested attributes.
I like wheneverize. Problem I bumped into today: it allows only one crontab per user. So if you have 2 apps running they need to be under different user accounts, otherwise wheneverize deletes the crontab settings from the other running app?! This seems unnecessary. Maybe the Rails app name could be used to differentiate the 2 crontab lists? Does backgroundrb allow for several crons running on the same user?
(Might save me some time looking for another suited plugin...)
Hello Ryan, first time posting - big fan...
This is killing me! I think the answer to this will help solve a lot of your commenters woes.
I'm trying to do a remote authentication via JSON from within a JS based accelerator iPhone app, seen here http://pastie.org/789924, but I keep coming up with the famous ActionController::InvalidAuthenticityToken. I've been searching all night and I find myself more confused than when I started. How does one go about constructing this JSON call in order to get past the protect_from_forgery method?
Thanks in advance and keep doing the awesome job you're doing...
If you are using RSpec and generate the model with its generator, you need to delete the empty fixture file, otherwise all tests will end with error:
ActiveRecord::StatementInvalid: SQLite3::SQLException: no such table: portable_documents: DELETE FROM "portable_documents" WHERE 1=1
I don't think the original validation in Rails is suitable for me; I just use jQuery to validate the form on the client, not on the server.
Nice vid! Thank you!!
This stuff looks extremely handy, and I sure wish it had been available three years ago! However, I have to ask... is there any way of getting the same effects without JavaScript?
Yes, I know, we live in an AJAX world now and everybody should just use JavaScript, but it still seems somehow "purer" to me to not *require* it...
When uploading an image, the EXIF data stored in the file may produce unintended results. I.e., digital cameras store the rotation/orientation of images in the file. Mac OS reads this data and automatically rotates the image locally (and the image appears to be oriented correctly). However, after uploading, ImageMagick ignores the rotation/orientation information in the photo, causing an undesired 90 degree rotation. Keep in mind that this only happens on unprocessed images. Anywho.... I was tearing my hair out on this, and saving a copy of the image in Photoshop seemed to fix the problem.
Meaning, create a simple model and use formtastic to create all of the questions (from the created survey)... I am stuck on a clean way to do this.
hey,
Thank you so much for all your work Ryan!!
For Rails 2.3.4 use _delete instead of _destroy.
This was fixed in 2.3.5, see https://rails.lighthouseapp.com/projects/8994/tickets/2889-rename-_delete-to-_destroy-in-nested-attributes