0

I'm currently stuck on an update list problem. I use Rails and AngularJS.

On JS side, I plugged jQueryUI for sortable feature with Angular $resource feature to read, update (and in second step, delete and create) a text block that is ordered.

eg.

  • "1 - lorem ipsum"

  • "2 - second position lorem ipsum"

  • "3 - the third position"

in AngularJS controller I have this : 

 function DndCtrl($scope, $resource) { var Feed = $resource('/users/'+ userId +'/test/:id', {id: '@id'}, {'update': {method:"PUT", isArray:true}}); $scope.tests = Feed.query(function() { $scope.updateSortable = { // jQueryUI methods update: function(e, ui) { // trigger after user ends dropping item for (var i=0; i<$scope.tests.length; i++) { var t = $scope.tests[i]; t.position = i+1; t.$update(); } }, placeholder: "t-hightlight", axis: 'y' }; }); } // end DnD

OUTPUT after sorted element : 

 PUT http://demo.mytest.dev/users/1/test/1 401 (Unauthorized)

and in the server log : 

 warning can't verify csrf

So I found on this topic : Rails CSRF Protection + Angular.js: protect_from_forgery makes me to log out on POST the answer from HuangYuHei and tried it.

The console OUTPUT then : 

 GET http://demo.mytest.dev/users/1/test 404 (Not Found)

And on server log : 

 Test Load (1.9ms) SELECT "tests".* FROM "tests" WHERE "tests"."id" = 2 LIMIT 1 Unpermitted parameters: id

I tested directly the request in the rails console and it returned well the entry.

What I'm I doing wrong ? Did I miss something on Rails config part ? or on Angular part ?

Improve this question

1 Answer 1

Reset to default
1

You're running into a strong_params issue in your Rails controller action.

strong_params is new in Rails 4 and takes the places of the attr_accessible model attributes from prior versions. You now specify in the controller what fields from params are allowed to be used in your queries.

It should look something like this:

respond_with Test.find(params.permit(:id)) # or render json: Test.find(params.permit(:id))
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

oh thanks I feel we're close to the solution !! I tried both your solutions + added an attr_accessible in the model. Error output changes in 500 status with an "Argument Error (Unknown : id)" Any idea on what I should dig deeper ?
After some investigations I have this beahviour : angular does the $update, Rails is saving in DB well. All is fine BUT, on FrontEnd, the console returns an error 500. How can I avoid this to display, as the update is working well ?
it was the response given by rails generating this error. On rails, on update, we just need to do the save() and render the page. :) THanks for your pointing out

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.