Role scope is not working out of the blue on Devise sign in form

Time:01-12

I'm on Rails 7 and using Devise and Rolify...

I have a create-an-account page, and earlier this week users were signing up just fine (I was dealing with some spam accounts), but I noticed that those spam accounts always chose the roles that were available to non-admin users, which are the non-admin roles.

But today I noticed a spam account created with the role of superadmin. I was wondering how that was possible, and I found that all of my roles were visible to everyone.

This is happening locally as well as on my deployed site.

Luckily, through Devise, the user has to confirm their account before they can have access, but unfortunately actual users are able to choose the superadmin role and then have access to do superadmin things. I'm keeping an eye on it now, but this is not safe at all!

In my roles.rb I have:

  ADMIN_ROLES = %w[SuperAdmin Admin Moderator Editor]
  scope :admin, -> { where(name: ADMIN_ROLES) }
  scope :not_admin, -> { where.not(name: ADMIN_ROLES) }

The scope is working in my Rails console: when I enter Role.admin or Role.not_admin, the appropriate roles show up.

On my registration page, when I click on the role collection select dropdown, all of my roles show up despite having the scope filter applied in my form:

  <%= f.select :role_ids, Role.not_admin.sorted.pluck(:name, :id),
               { label: "What roles does this user have??" },
               { multiple: true, id: "select-dancestyle" } %>
  <% end %>

I did make a change to the page to make sure I'm editing the right form. I even tried removing the roles from the form and re-adding them, and I also tried a different browser just to make sure I wasn't running into any weird cookie issues, and I'm still getting all the roles appearing.

I'm not really sure what I'm missing or why that not_admin scope is not registering in my form view. I am using the bootstrap form gem for this form as well!

CodePudding user response:

If the results are what you expect in the console, then it seems like either you're misreading the console, or the way you're using the result of the scope with sorted, pluck, or f.select isn't what you think it should be.

It's easy to get confused by console output. One thing that I often miss is that pluck returns an array and not an ActiveRecord relation.

To test the use of f.select:

pluck will return an array, so what if you replace your code with:

  <%= f.select :role_ids, [["rolename1", 1], ["rolename2", 2]],
               { label: "What roles does this user have??" },
               { multiple: true, id: "select-dancestyle" } %>

If that works, does using Role.admin instead of Role.not_admin give you a select list that looks right for admin roles? You can also remove some options from f.select to create a working example with fewer moving parts.

Finally, if none of the above proves relevant, examine what might have changed since the last time you knew it worked.

CodePudding user response:

The answer was in the order of the scopes I chained. I was able to fix the issue by switching the code from:

  <%= f.select :role_ids, Role.not_admin.sorted.pluck(:name, :id),
               { label: "What roles does this user have??" },
               { multiple: true, id: "select-dancestyle" } %>
  <% end %>

to

  <%= f.select :role_ids, Role.sorted.not_admin.pluck(:name, :id),
               { label: "What roles does this user have??" },
               { multiple: true, id: "select-dancestyle" } %>
  <% end %>
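Whichever scope ordering populates the dropdown, the select only controls which options the browser offers. The role_ids[] parameter itself is client-controlled, so a spam bot or anyone editing the request can still post the SuperAdmin id regardless of what the view renders. What follows is an added example, not code from the question or either answer, showing the server-side allow-list that self-registration needs in addition to the view fix. It is plain Ruby so it runs stand-alone; the roles table, the ADMIN_ROLES list reused from the question, and the Devise controller wiring in the comments are assumptions.

```ruby
# Server-side allow-list for roles a self-registering user may claim.
# Plain Ruby (no ActiveRecord) so it runs stand-alone; the Rails wiring
# is sketched in comments at the bottom.

ADMIN_ROLES = %w[SuperAdmin Admin Moderator Editor].freeze

# Constructed stand-in for the roles table (id => name). This is sample
# data for the example, not the questioner's real table.
ROLES = {
  1 => "SuperAdmin", 2 => "Admin", 3 => "Moderator", 4 => "Editor",
  5 => "Dancer",     6 => "Teacher"
}.freeze

# Equivalent of Role.not_admin.pluck(:id): the ids a visitor may pick.
def not_admin_role_ids
  ROLES.reject { |_id, name| ADMIN_ROLES.include?(name) }.keys
end

# role_ids as a browser submits them: strings, often with the blank entry a
# multiple select adds, possibly duplicated, possibly ids the form never
# offered. Everything not on the allow-list is dropped, not rejected with an
# error, so a tampered request silently degrades to "no admin roles".
def sanitize_role_ids(submitted)
  allowed = not_admin_role_ids
  Array(submitted)
    .map { |v| Integer(v.to_s, 10, exception: false) } # non-numeric -> nil
    .compact
    .uniq
    .select { |id| allowed.include?(id) }
end

# Attributes that are allowed to reach User.new on sign-up. Only the fields
# a visitor may set are copied out of the request, and role_ids is always
# replaced by the sanitized list, never trusted as submitted.
def sign_up_attributes(user_params)
  {
    email:                 user_params["email"],
    password:              user_params["password"],
    password_confirmation: user_params["password_confirmation"],
    role_ids:              sanitize_role_ids(user_params["role_ids"])
  }
end

# Assumed Rails wiring (not from the page): in a controller that subclasses
# Devise::RegistrationsController, override the params method so the
# allow-list applies before Devise builds the resource:
#
#   def sign_up_params
#     raw = params.fetch(:user, {})
#                 .permit(:email, :password, :password_confirmation, role_ids: [])
#                 .to_h
#     sign_up_attributes(raw)
#   end
#
# Keep the same ADMIN_ROLES constant as the model's admin/not_admin scopes so
# the view filter and the server filter cannot drift apart.

if __FILE__ == $PROGRAM_NAME
  # Constructed request: a visitor who picked "Dancer" and also injected the
  # SuperAdmin id (1) plus junk. Only the Dancer id survives.
  p sign_up_attributes(
    "email" => "visitor@example.test", "password" => "pw", "password_confirmation" => "pw",
    "role_ids" => ["", "1", "5", "5", "99", "abc"], "admin" => "true"
  )
end
```

The point of the drop-rather-than-reject design is that a legitimate form submission never contains an admin id, so there is nothing to report to the user; logging the discarded ids instead gives you a cheap signal for spotting tampered sign-ups.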