Tuesday, July 4, 2017
An answer is even more appreciated.
This is a continuation of my question at https://stackoverflow.com/questions/44856528/how-to-trace-a-html-button-non-event-rails-authorization-with-pundit
The problem:
Figure 1:
I have a form:
The first time I visit this page, everything seems to work. I can click on "Change Role" and update the appropriate row in the Postgres table. I can do it as many times as I like with no problems.
If I click on, for instance, somename@yahoo.com (highlighted in yellow), I get to the following page:
Figure 2:
The above is just fine.
If I click on Users on the upper right, I return to the webage denoted as Figure 1.
Now things get, hmm, (un)interesting.
When I click on Change Role, nothing happens.
I have hooked up Wireshark and I am almost 100% sure I see no Post going out when I click on Change Role. I am pretty sure I see no outbound http when I click on Change Role
If I refresh the page, Change Role starts working again!
I am clueless where to look or what is going on.
app/controllers/users_controller.rb
class UsersController < ApplicationController # See https://stackoverflow.com/questions/16519828/rails-4-before-filter-vs-before-action
# "As we can see in ActionController::Base, before_action is just a new syntax for before_filter"
before_action :ralph_before_action
after_action :ralph_after_action
before_filter :authenticate_user!
after_action :verify_authorized
def index
# byebug if ralph_test_byebug
@users = User.all
authorize User
end
def show
byebug if ralph_test_byebug
@user = User.find(params[:id])
authorize @user
end
def update
# byebug # if ralph_test_byebug
@user = User.find(params[:id])
authorize @user
byebug # if ralph_test_byebug
if @user.update_attributes(secure_params)
redirect_to users_path, :notice => "User updated."
else
redirect_to users_path, :alert => "Unable to update user."
end
end
def destroy
user = User.find(params[:id])
authorize user
user.destroy
redirect_to users_path, :notice => "User deleted."
end
private
def secure_params
params.require(:user).permit(:role)
end
def ralph_before_action
# byebug
xyz=123
end
def ralph_after_action
# byebug
xyz=123
end
end
app/views/users/index.html.erb
<div class="bigbox">
<div class="box">
<table class="table-minimal">
<tbody>
<% @users.each do |user| %>
<tr>
<%= render user %>
</tr>
<% end %>
</tbody>
</table>
</div>
</div>
app/views/users/_user.html.erb
<td>
<%= link_to user.email, user %>
</td>
<td>
<%= form_for(user) do |f| %>
<%= f.select(:role, User.roles.keys.map {|role| [role.titleize,role]}) %>
<td>
<button><%= f.submit 'Change Role' %></button>
</td>
<% end %>
</td>
<td>
<%= link_to("Delete user", user_path(user), :data => { :confirm => "Are you sure?" }, :method => :delete, :class => 'button') unless user == current_user %>
</td>
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7fad56bb-534c-43d6-883a-7049d3e87105%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment