
Note: I use Rails 5.2 and PostgreSQL.

I have a Foluser model that contains name, email, password, id_watch.

When an admin adds a new foluser, I need to:

  1. generate password

    When the admin creates a new foluser, generate a password like Secure Password Generator.

  2. get id_watch from admin model and put it to id_watch from Foluser model

    When the admin registers, they enter `username, email, password, id_watch`.

    In point 2 I need to take this id_watch and save it in the user model.

Only the admin creates a foluser.

class FolusersController < ApplicationController
  before_action :set_foluser, only: [:show, :edit, :update, :destroy]
  before_action :authenticate_user!, except: [:index, :show, :new , :create, :edit]

  # GET /folusers
  # GET /folusers.json
  def index
    @folusers = current_master.foluser.all

    #render json: @folusers

  end

  # GET /folusers/1
  # GET /folusers/1.json
  def show
    #@folusers = Foluser.where(master_id: @master.id).order("created_at DESC")

    #@foluser = Foluser.find(params[:id])
        #render json: @foluser



  end

  # GET /folusers/new
  def new
    @foluser = current_master.foluser.build
  end

  # GET /folusers/1/edit
  def edit
    #render json: @foluser
  end

  # POST /folusers
  # POST /folusers.json
  def create
    @foluser = current_master.foluser.build(foluser_params)


    respond_to do |format|
      if @foluser.save
        format.html { redirect_to @foluser, notice: 'Foluser was successfully created.' }
        format.json { render :show, status: :created, location: @foluser }
      else
        format.html { render :new }
        format.json { render json: @foluser.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /folusers/1
  # PATCH/PUT /folusers/1.json
  def update
    respond_to do |format|
      if @foluser.update(foluser_params)
        format.html { redirect_to @foluser, notice: 'Foluser was successfully updated.' }
        format.json { render :show, status: :ok, location: @foluser }
      else
        format.html { render :edit }
        format.json { render json: @foluser.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /folusers/1
  # DELETE /folusers/1.json
  def destroy
    @foluser.destroy
    respond_to do |format|
      format.html { redirect_to folusers_url, notice: 'Foluser was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
    # Use callbacks to share common setup or constraints between actions.
    def set_foluser
      @foluser = Foluser.find(params[:id])
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def foluser_params
      params.require(:foluser).permit(:name, :email, :numberphone, :password)
    end
end

foluser model

class Foluser < ApplicationRecord
    belongs_to :admin, :optional => true
end

admin model

class Master < ApplicationRecord

    has_many :foluser
end
  • 1
    I hope you're not storing a password in plain text??!! If so, that's a big security vulnerability. Commented Jun 24, 2018 at 23:24
  • 1
    Why is this tagged as ruby-on-rails-3 and ruby-on-rails-4? Which version are you actually using? (Is it actually v5.x?) Commented Jun 24, 2018 at 23:25
  • 1
    What have you tried so far? Show us your code. I would presume (but cannot know anything for certain without more info!) that you wish to perform this record creation from a controller, and that the currently logged-in user is the Admin from which you wish to set the id_watch? Possibly you've mis-described the situation, and it's actually the admin's id that you wish to set as the foluser's id_watch? (In which case, I'd rather use a more conventional and descriptive column name, like creator_id.) Commented Jun 24, 2018 at 23:30
  • And lastly, please elaborate on what you mean by "generate password". What rules/format do you want to apply to the random string? (Any character/length requirements?) Do you want to reference the value later, e.g. in an email? Should this be considered a permanent, or temporary password? As mentioned above, should this be encrypted (probably!), or do you have a good reason to store the password unencrypted? Commented Jun 24, 2018 at 23:35
  • Thanks @TomLord for the response. I updated my question and added more information. Commented Jun 25, 2018 at 7:08

2 Answers 2

2

Using your current code, setting the id_watch can be done here in the controller:

class FolusersController < ApplicationController
  def create
    @foluser = current_master.folusers.build(foluser_params)

    @foluser.id_watch = current_master.id_watch # <-- !!!

    respond_to do |format|
      if @foluser.save
        # ...
      end
    end
  end
end

Despite our extended conversation above, I'm still unclear what you're trying to achieve with the "password generation".

(Should it be generated in the front-end, or the back-end? Should it be stored encrypted, or in plain text? If encrypted, do you need to be able to reverse this encryption? Is it a "permanent" password, or a "temporary" password? ...)

Therefore, the following code should be taken with a big pinch of salt - since I still don't really know what the desired/correct behaviour is.

In the FolusersController, you've defined the following method:

def foluser_params
  params.require(:foluser).permit(:name, :email, :numberphone, :password)
end

However, if you want the password to be generated by the server then you shouldn't be allowing the admin to set the password through the controller. Therefore, remove this parameter:

def foluser_params
  params.require(:foluser).permit(:name, :email, :numberphone)
end

And then somewhere - perhaps in the controller, or as a hook in the model - set this password to something random:

class FolusersController < ApplicationController
  def create
    @foluser = current_master.folusers.build(foluser_params)
    @foluser.password = SecureRandom.hex(10 + rand(6))
    # ...
  end
end

# or

class Foluser < ApplicationRecord
  after_initialize :default_password

  def default_password
    self.password ||= SecureRandom.hex(10 + rand(6))
  end
end

1 Comment

Thanks @Tomlord. Why I need to generate a password: when the admin adds a Foluser, generate a password automatically and send this password to the foluser. "Permanent" password, or a "temporary" password? Yes, it is a temporary password. Stored encrypted or not? Yes, no encrypted. If you have any resource explaining that, please tell me. If you need more information, I can give it. Thank you :)
1

I think you found the solution: use Rails callbacks in your model to extract this kind of logic from the controller.

But I'd rather use after_initialize than before_save, so that you won't set a default password before each save (so possibly even on the update action).

Then use things like SecureRandom (ActiveSupport concern) (already bundled by rails, no requires required)

after_initialize :default_password
...
def default_password
  self.password ||= SecureRandom.hex(10 + rand(6))
end

Not the best way to do random, I know, but feel free to customize it.

secure_random output examples:

=>bf8d42b174d297f6460eef
=>efd28869171a1ec89c3438
=>3855c61fb6b90ed549d777

3 Comments

Thanks @AlexisDelahaye, this succeeded and solved the problem for the password. Can you help with the second problem?
This ignores the big security vulnerability that you're storing the password in plain-text. You should almost never do this.
I know, @TomLord. I use many methods for encryption and do not store in plain text. I know I shouldn't store passwords in plain text because of many problems. I read api.rubyonrails.org/classes/ActiveModel/SecurePassword/… .
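
Added example, not part of the original question or answers: a plain-Ruby sketch of the flow the thread converges on, where the server generates the temporary password, copies id_watch from the signed-in master, and stores only a salted digest. `FoluserRecord`, the `Master` struct, `create_foluser`, `ITERATIONS` and `must_change_password` are assumptions made for the sketch, and PBKDF2 from Ruby's standard library stands in for the bcrypt digest that Rails' `has_secure_password` would produce, so the code runs without gems.

```ruby
require "securerandom"
require "openssl"

# Constructed stand-ins for the page's Master and Foluser models (plain Ruby, no Rails).
Master = Struct.new(:id, :id_watch, keyword_init: true)

class FoluserRecord
  ITERATIONS = 100_000 # assumed PBKDF2 work factor for this sketch
  attr_reader :name, :email, :id_watch, :password_digest, :must_change_password

  def initialize(name:, email:, id_watch:)
    @name, @email, @id_watch = name, email, id_watch
    @must_change_password = false
  end

  # Generates a temporary password, keeps only a salted digest, and returns
  # the plaintext once so the caller can deliver it to the new user.
  def issue_temporary_password!
    plaintext = SecureRandom.urlsafe_base64(18) # 18 random bytes -> 24 characters
    salt = SecureRandom.random_bytes(16)
    @password_digest = [salt, derive(plaintext, salt)].map { |b| b.unpack1("H*") }.join("$")
    @must_change_password = true # force a reset at first login
    plaintext
  end

  # Recomputes the digest from the stored salt and compares in constant time.
  def authenticate(candidate)
    salt, expected = password_digest.split("$").map { |h| [h].pack("H*") }
    OpenSSL.secure_compare(derive(candidate, salt), expected)
  end

  private

  def derive(password, salt)
    OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end
end

# Hypothetical controller-side helper: only :name and :email come from the
# request; id_watch is copied from the signed-in master and the password is
# generated server-side, so client-supplied values for either are ignored.
def create_foluser(master, params)
  foluser = FoluserRecord.new(**params.slice(:name, :email), id_watch: master.id_watch)
  [foluser, foluser.issue_temporary_password!]
end
```

The returned plaintext exists only in memory for delivery to the new user; nothing that reaches storage can be reversed into it.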
