Rails_admin setting current_user in the controller

Question

Rails_admin setting current_user in the controller

I have an event model:

class Event < ActiveRecord::Base
  belongs_to :author, class_name: 'User'
end

I can enter the console:

e=Event.last
e.author

In rails_admin, when I create a new event, I do not want to show the author_id field on the form. I want to set the author in the controller like this:

@e=Event.new(params)
@e.author_id=current_user.id
@e.save

Is it possible to do this in rails_admin?

I found this document on the official wiki, but I don’t want to use the cancan ability, and I don’t want to set the author_id field with a hidden field in the form, because it is dangerous for security, the infact POST request can be redefined with custom_ author_id. I want to just assign author_id in the controller. Maybe?

+3

ruby-on-rails rails-admin

user1066183 Feb 25 '14 at 10:38

source share

2 answers

peresleguine · Answer 1 · 2014-03-06T15:58:12+0000

rails_admin. : https://github.com/sferik/rails_admin/issues/1855.

, . , : https://github.com/sferik/rails_admin/blob/master/lib/rails_admin/config/actions/new.rb.

register_instance_option :controller. , . : https://github.com/sferik/rails_admin/wiki/Actions.

, , /config/initializers/rails_admin.rb:

RailsAdmin.config do |config|

  config.actions do
    dashboard                     # mandatory
    index                         # mandatory

    new do
      controller do
        proc do
          if request.get? # NEW

            @object = @abstract_model.new
            @authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
              @object.send("#{name}=", value)
            end
            if object_params = params[@abstract_model.to_param]
              @object.set_attributes(@object.attributes.merge(object_params))
            end
            respond_to do |format|
              format.html { render @action.template_name }
              format.js   { render @action.template_name, layout: false }
            end

          elsif request.post? # CREATE

            @modified_assoc = []
            @object = @abstract_model.new
            satisfy_strong_params!
            sanitize_params_for!(request.xhr? ? :modal : :create)

            @object.set_attributes(params[@abstract_model.param_key])
            @authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
              @object.send("#{name}=", value)
            end

            # customization
            if @object.class == Event
              # do whatever you want
            end                

            if @object.save
              @auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
              respond_to do |format|
                format.html { redirect_to_on_success }
                format.js   { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
              end
            else
              handle_save_error
            end
          end       
        end
      end
    end

    export
    bulk_delete
    show
    edit
    delete
    show_in_app

  end
end

Erick Maynard · Answer 2 · 2016-10-03T10:29:50+0000

pereleguine 2 . , .

satisf_strong_params! , :

RailsAdmin.config do |config|

config.actions do
dashboard                     # mandatory
index                         # mandatory

new do
  controller do
    proc do
      if request.get? # NEW

        @object = @abstract_model.new
        @authorization_adapter && @authorization_adapter.attributes_for(:new, @abstract_model).each do |name, value|
          @object.send("#{name}=", value)
        end
        if object_params = params[@abstract_model.to_param]
          @object.set_attributes(@object.attributes.merge(object_params))
        end
        respond_to do |format|
          format.html { render @action.template_name }
          format.js   { render @action.template_name, layout: false }
        end

      elsif request.post? # CREATE

        @modified_assoc = []
        @object = @abstract_model.new
        satisfy_strong_params!
        sanitize_params_for!(request.xhr? ? :modal : :create)

        @object.set_attributes(params[@abstract_model.param_key])
        @authorization_adapter && @authorization_adapter.attributes_for(:create, @abstract_model).each do |name, value|
          @object.send("#{name}=", value)
        end

        # customization
        if @object.class == Event
          # do whatever you want
        end                

        if @object.save
          @auditing_adapter && @auditing_adapter.create_object(@object, @abstract_model, _current_user)
          respond_to do |format|
            format.html { redirect_to_on_success }
            format.js   { render json: {id: @object.id.to_s, label: @model_config.with(object: @object).object_label} }
          end
        else
          handle_save_error
        end
      end       
    end
  end
end

export
bulk_delete
show
edit
delete
show_in_app

end

Rails_admin setting current_user in the controller

More articles: