Change value in DB of associated model through Devise
Question
I am using Devise for users, and I have another model called “Host Requests” that allows users to submit an application for different access levels on the site. In the user model, I have a column (boolean) for the different types of access roles available. I am trying to create an admin dashboard where all the host requests that have been submitted are listed for review. I am trying to create two buttons next to the host request that allows the admin to “Approve” or “Decline” the user's request. If approved, it would change the User DB column to TRUE, if declined it would change it to FALSE. I've added my additional attributes to the Devise Sanitizer for update, but for some reason I can't get the table to update for the user_id attached to the host_request. When the button is clicked, it ends up changing the value for the current_user.
Any help or guidance would be greatly appreciated!!!
Model - user.rb
class User < ApplicationRecord
has_many :host_requests
has_many :timeslots
has_many :experiences
has_many :reservations
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable, :confirmable
validates :fullname, presence: true, length: {maximum: 50}
after_create :send_admin_mail
def send_admin_mail
UserMailer.send_welcome_email(self).deliver_later
end
end
Model - host_requests.rb
class HostRequest < ApplicationRecord
belongs_to :user
accepts_nested_attributes_for :user
end
Controller - host_requests_controller.rb
class HostRequestsController < ApplicationController
before_action :set_host_request, only: [:show, :edit, :update, :destroy]
load_and_authorize_resource
# GET /host_requests
# GET /host_requests.json
def index
if current_user.admin_role?
redirect_to admin_url
else current_user.host_role?
@host_requests = current_user.host_requests
end
end
# GET /host_requests/1
# GET /host_requests/1.json
def show
end
# GET /host_requests/new
def new
@host_request = HostRequest.new
@host_request.user = current_user
end
# GET /host_requests/1/edit
def edit
end
# POST /host_requests
# POST /host_requests.json
def create
@host_request = current_user.host_requests.new(host_request_params)
respond_to do |format|
if @host_request.save
format.html { redirect_to @host_request, notice: 'Host request was successfully created.' }
format.json { render :show, status: :created, location: @host_request }
else
format.html { render :new }
format.json { render json: @host_request.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /host_requests/1
# PATCH/PUT /host_requests/1.json
def update
respond_to do |format|
if @host_request.update(host_request_params)
format.html { redirect_to @host_request, notice: 'Host request was successfully updated.' }
format.json { render :show, status: :ok, location: @host_request }
else
format.html { render :edit }
format.json { render json: @host_request.errors, status: :unprocessable_entity }
end
end
end
# DELETE /host_requests/1
# DELETE /host_requests/1.json
def destroy
@host_request.destroy
respond_to do |format|
format.html { redirect_to host_requests_url, notice: 'Host request was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_host_request
@host_request = HostRequest.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def host_request_params
params.require(:host_request).permit(:user_id, :why_host, :your_skills, :your_eco)
end
end
Form - Admin Dashboard
<% @host_requests.each do |request| %>
<div class="row mr-1 mt-1 ml-1">
<div class="col-md-6">
<p><strong>User Name: </strong><%= request.user.fullname %></p>
<p><strong>Why Host: </strong><%= request.why_host %></p>
</div>
<div class="col-md-6 text-right">
<%= form_for(request.user, url: user_registration_path(request.user), html: { method: :put }) do |f| %>
<%= f.hidden_field :host_role, value: true %>
<%= f.submit "Approve", class: "btn btn-primary pull-right mr-1 ml-1"%>
<% end %>
</div>
</div>
<% end %>
Devise - registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
# before_action :configure_sign_up_params, only: [:create]
before_action :configure_account_update_params, only: [:update]
def update_resource(resource, params)
resource.update_without_password(params)
end
# GET /resource/sign_up
# def new
# super
# end
# POST /resource
# def create
# super
# end
# GET /resource/edit
# def edit
# super
# end
# PUT /resource
# def update
# super
# end
# DELETE /resource
# def destroy
# super
# end
# GET /resource/cancel
# Forces the session data which is usually expired after sign
# in to be expired now. This is useful if the user wants to
# cancel oauth signing in/up in the middle of the process,
# removing all OAuth session data.
# def cancel
# super
# end
# If you have extra params to permit, append them to the sanitizer.
def configure_sign_up_params
devise_parameter_sanitizer.permit(:sign_up, keys: [:host_role])
end
# If you have extra params to permit, append them to the sanitizer.
def configure_account_update_params
devise_parameter_sanitizer.permit(:account_update, keys: [:host_role])
end
# The path used after sign up.
# def after_sign_up_path_for(resource)
# super(resource)
# end
# The path used after sign up for inactive accounts.
# def after_inactive_sign_up_path_for(resource)
# super(resource)
# end
end
1 answers
solution1
2 ACCPTED 2018-02-05 01:03:36
Do this update outside of Devise
routes.rb
post ‘host-updater/:id’, to: ‘some_controller#some_action’, as: :host_update
some_controller.rb
def some_action
user = User.find params[:id]
user.update_attributes user_params
redirect_to request.referrer, notice: ‘updated’
end
...
private
def user_params
params.require(:user).permit .....
end
in your form_for
form_form request.user, url: host_update_path, html: { method: :post } do |f|
......
end
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.