0

I am trying to use Devise and cancancan to allow an admin user to create a new user. I am doing this through a modal, in application.html.erb when I try to create a new user, the form appears in the modal, everything seems fine, however, it gives me a name error when I try to submit. Not sure where ive gone wrong ot how to correct this..

I have been following suggestions in this StackOverflow post

This is the screenshot of the error I get when submitting the form:

enter image description here

the permitted_params.rb:

class PermittedParams < Struct.new(:params, :current_user)

  def user
    params.require(:user).permit(*user_attributes)
  end

  def user_attributes
    if current_user.role == 'SuperUser'?
      [:email, :password, :password_confirmation, :user_ident, :f_name, :m_name, :l_name, :dob, :role]
    else
      [:email, :password, :password_confirmation]
    end
  end

end

The Admin Controller - used to create the new user

class AdminsController < ApplicationController
  before_action :authenticate_user!

  def new_user
    authorize! :manage, User
    @user = User.new
  end

  def create_user
    @user = User.new(permitted_params.user)
    authorize! :manage, User
    @user = User.find_by_user_ident(params[:id])
    if @user.save
      format.html { redirect_to root_path, notice: 'User has been successfully created.' }
    else
      format.html { redirect_to root_path, notice: 'There was a problem creating this user, please try again.' }
    end
  end

end

application_controller.rb (where I set the user)

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  before_filter :set_user

  def set_user
    @user = User.new
  end

end

Custom Routes:

  as :user do
    get "admins/new_user" => "admins#new_user", as: :admins_new_user
    post "admins/create_user" => "admins#create_user", as: :admins_create_user
  end

My Form Modal:

  <!-- Start - Modles -->
    <!-- Start - New User Creation -->
    <%= form_for(@user, :url => admins_create_user_path) do |f| %>
      <div class="modal fade" id="userCreate" tabindex="-1" role="dialog" aria-labelledby="myModalLabel">
        <div class="modal-dialog modal-lg" role="document">
          <div class="modal-content">
            <div class="modal-header">
              <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>
              <h4 class="modal-title" id="myModalLabel">Create New System User</h4>
            </div>

            </div>
            <div class="modal-footer">
              <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
              <%= f.submit "Create User", :class => 'btn btn-primary' %>
            </div>
          </div>
        </div>
      </div>
    <% end %>
    <!-- End - New User Creation -->
  <!-- End - Modles -->

The Full Stack Trace of the Error

NameError - undefined local variable or method `permitted_params' for #<AdminsController:0x007f989a3ab238>:
  app/controllers/admins_controller.rb:10:in `create_user'
  actionpack (5.0.0.rc1) lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
  actionpack (5.0.0.rc1) lib/abstract_controller/base.rb:181:in `process_action'
  actionpack (5.0.0.rc1) lib/action_controller/metal/rendering.rb:30:in `process_action'
  actionpack (5.0.0.rc1) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:126:in `call'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:506:in `block (2 levels) in compile'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:455:in `call'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:101:in `__run_callbacks__'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:750:in `_run_process_action_callbacks'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:90:in `run_callbacks'
  actionpack (5.0.0.rc1) lib/abstract_controller/callbacks.rb:19:in `process_action'
  actionpack (5.0.0.rc1) lib/action_controller/metal/rescue.rb:31:in `process_action'
  actionpack (5.0.0.rc1) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
  activesupport (5.0.0.rc1) lib/active_support/notifications.rb:164:in `block in instrument'
  activesupport (5.0.0.rc1) lib/active_support/notifications/instrumenter.rb:21:in `instrument'
  activesupport (5.0.0.rc1) lib/active_support/notifications.rb:164:in `instrument'
  actionpack (5.0.0.rc1) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
  actionpack (5.0.0.rc1) lib/action_controller/metal/params_wrapper.rb:248:in `process_action'
  activerecord (5.0.0.rc1) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (5.0.0.rc1) lib/abstract_controller/base.rb:126:in `process'
  actionview (5.0.0.rc1) lib/action_view/rendering.rb:30:in `process'
  actionpack (5.0.0.rc1) lib/action_controller/metal.rb:190:in `dispatch'
  actionpack (5.0.0.rc1) lib/action_controller/metal.rb:262:in `dispatch'
  actionpack (5.0.0.rc1) lib/action_dispatch/routing/route_set.rb:50:in `dispatch'
  actionpack (5.0.0.rc1) lib/action_dispatch/routing/route_set.rb:32:in `serve'
  actionpack (5.0.0.rc1) lib/action_dispatch/routing/mapper.rb:16:in `block in <class:Constraints>'
  actionpack (5.0.0.rc1) lib/action_dispatch/routing/mapper.rb:46:in `serve'
  actionpack (5.0.0.rc1) lib/action_dispatch/journey/router.rb:39:in `block in serve'
  actionpack (5.0.0.rc1) lib/action_dispatch/journey/router.rb:26:in `each'
  actionpack (5.0.0.rc1) lib/action_dispatch/journey/router.rb:26:in `serve'
  actionpack (5.0.0.rc1) lib/action_dispatch/routing/route_set.rb:725:in `call'
  actionview (5.0.0.rc1) lib/action_view/digestor.rb:12:in `call'
  warden (1.2.6) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.6) lib/warden/manager.rb:34:in `catch'
  warden (1.2.6) lib/warden/manager.rb:34:in `call'
  rack (2.0.0.rc1) lib/rack/etag.rb:25:in `call'
  rack (2.0.0.rc1) lib/rack/conditional_get.rb:38:in `call'
  rack (2.0.0.rc1) lib/rack/head.rb:12:in `call'
  rack (2.0.0.rc1) lib/rack/session/abstract/id.rb:222:in `context'
  rack (2.0.0.rc1) lib/rack/session/abstract/id.rb:216:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/cookies.rb:613:in `call'
  activerecord (5.0.0.rc1) lib/active_record/migration.rb:552:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:97:in `__run_callbacks__'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
  activesupport (5.0.0.rc1) lib/active_support/callbacks.rb:90:in `run_callbacks'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/callbacks.rb:36:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/executor.rb:12:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
  web-console (3.3.0) lib/web_console/middleware.rb:131:in `call_app'
  web-console (3.3.0) lib/web_console/middleware.rb:28:in `block in call'
  web-console (3.3.0) lib/web_console/middleware.rb:18:in `catch'
  web-console (3.3.0) lib/web_console/middleware.rb:18:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
  railties (5.0.0.rc1) lib/rails/rack/logger.rb:36:in `call_app'
  railties (5.0.0.rc1) lib/rails/rack/logger.rb:24:in `block in call'
  activesupport (5.0.0.rc1) lib/active_support/tagged_logging.rb:70:in `block in tagged'
  activesupport (5.0.0.rc1) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (5.0.0.rc1) lib/active_support/tagged_logging.rb:70:in `tagged'
  railties (5.0.0.rc1) lib/rails/rack/logger.rb:24:in `call'
  quiet_assets (1.1.0) lib/quiet_assets.rb:27:in `call_with_quiet_assets'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/request_id.rb:24:in `call'
  rack (2.0.0.rc1) lib/rack/method_override.rb:22:in `call'
  rack (2.0.0.rc1) lib/rack/runtime.rb:22:in `call'
  activesupport (5.0.0.rc1) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/executor.rb:12:in `call'
  actionpack (5.0.0.rc1) lib/action_dispatch/middleware/static.rb:136:in `call'
  rack (2.0.0.rc1) lib/rack/sendfile.rb:111:in `call'
  railties (5.0.0.rc1) lib/rails/engine.rb:522:in `call'
  puma (3.4.0) lib/puma/configuration.rb:224:in `call'
  puma (3.4.0) lib/puma/server.rb:569:in `handle_request'
  puma (3.4.0) lib/puma/server.rb:406:in `process_client'
  puma (3.4.0) lib/puma/server.rb:271:in `block in run'
  puma (3.4.0) lib/puma/thread_pool.rb:114:in `block in spawn_thread'

**

EDIT # 1: Adds Registrations Controller and Custom User Show Page Controller

**

RegistrationsController

class Users::RegistrationsController < Devise::RegistrationsController

  private

  def sign_up_params
    params.require(:user).permit(:email, :password, :password_confirmation, :user_ident, :f_name, :m_name, :l_name, :dob, :role)
  end

  def account_update_params
    params.require(:user).permit(:email, :password, :password_confirmation, :user_ident, :f_name, :m_name, :l_name, :dob, :role)
  end

  # Sets user to be found by User_Ident #
  def set_user
    @user = User.find_by_user_ident(params[:id])
  end

  # Allow Profile Update w/o Current p/w Confirmation
  def update_resource(resource, params)
    resource.update_without_password(params)
  end

  # Allow SuperUser / Admin to create all users
  def build_resource(hash=nil)
    self.resource = resource_class.new_with_session(hash || {}, session)
  end

end

users controller (only used to show custom user profile)

class UserController < ApplicationController
  # Before Actions
  before_action :authenticate_user!

  def show
    @user = User.find_by_user_ident(params[:id])
  end

end
Community
  • 1
  • 1
Shawn Wilson
  • 1,311
  • 14
  • 40
  • did you define permit parameter in User controller – uzaif Jun 29 '16 at 02:58
  • I'll hop on my Mac and who ya what I have in users controller but yes – Shawn Wilson Jun 29 '16 at 02:58
  • i never use `permitted_params.rb` class what purpose are you used it? – uzaif Jun 29 '16 at 03:02
  • it was explained in the link at top of post, it is supposed to help with params in user creation outside of Devise.. but im not 100% sure I have tried to reach out to the previous author of the post but to no avail. – Shawn Wilson Jun 29 '16 at 03:04
  • you want to add extra admin field in registration? – uzaif Jun 29 '16 at 03:07
  • no no I am trying to create a user as an adminuser while logged in using Devise and CanCanCan the admin role is set as a string in the users table – Shawn Wilson Jun 29 '16 at 03:08
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/115912/discussion-between-uzaif-and-shawn-wilson). – uzaif Jun 29 '16 at 03:11

1 Answers1

1

So after a bit of tinkering and playing around.. the problem was I didn't have the params in the admin_controller responsible for creating the new user.

I also removed the Permitted_Classes.rb model, and replaced the permittedparams.user call from the create method and replaced with the proper user params.

Shawn Wilson
  • 1,311
  • 14
  • 40