How to trace a html button non-event? (Rails Authorization With Pundit)


Ralph Shnelvar
This is my first post here.  Comments on style, etc., are appreciated.

An answer is even more appreciated.

This is a continuation of my question at https://stackoverflow.com/questions/44856528/how-to-trace-a-html-button-non-event-rails-authorization-with-pundit

The problem:

Figure 1:

I have a form:

The first time I visit this page, everything seems to work. I can click on "Change Role" and update the appropriate row in the Postgres table.  I can do it as many times as I like with no problems.


If I click on, for instance, [hidden email] (highlighted in yellow), I get to the following page:
Figure 2:

The above is just fine.

If I click on Users on the upper right, I return to the webpage denoted as Figure 1.



Now things get, hmm, (un)interesting.

When I click on Change Role, nothing happens. 

I have hooked up Wireshark and I am almost 100% sure I see no POST going out when I click on Change Role.  I am pretty sure I see no outbound HTTP when I click on Change Role.

If I refresh the page, Change Role starts working again!

I am clueless where to look or what is going on.


app/controllers/users_controller.rb
class UsersController < ApplicationController  # See https://stackoverflow.com/questions/16519828/rails-4-before-filter-vs-before-action
  #   "As we can see in ActionController::Base, before_action is just a new syntax for before_filter"
  before_action :ralph_before_action
  after_action  :ralph_after_action

  before_filter :authenticate_user!
  after_action  :verify_authorized

  def index
    # byebug if ralph_test_byebug
    @users = User.all
    authorize User
  end

  def show
    byebug if ralph_test_byebug
    @user = User.find(params[:id])
    authorize @user
  end

  def update
    # byebug # if ralph_test_byebug
    @user = User.find(params[:id])
    authorize @user
    byebug # if ralph_test_byebug
    if @user.update_attributes(secure_params)
      redirect_to users_path, :notice => "User updated."
    else
      redirect_to users_path, :alert => "Unable to update user."
    end
  end

  def destroy
    user = User.find(params[:id])
    authorize user
    user.destroy
    redirect_to users_path, :notice => "User deleted."
  end

  private

  def secure_params
    params.require(:user).permit(:role)
  end

  def ralph_before_action
    # byebug
    xyz = 123
  end

  def ralph_after_action
    # byebug
    xyz = 123
  end
end


app/views/users/index.html.erb
<div class="bigbox">
  <div class="box">
    <table class="table-minimal">
      <tbody>
        <% @users.each do |user| %>
          <tr>
            <%= render user %>
          </tr>
        <% end %>
      </tbody>
    </table>
  </div>
</div>




app/views/users/_user.html.erb
<td>
  <%= link_to user.email, user %>
</td>
<td>
  <%= form_for(user) do |f| %>
    <%= f.select(:role, User.roles.keys.map {|role| [role.titleize,role]}) %>
    <td>
    <button><%= f.submit 'Change Role' %></button>
    </td>
  <% end %>
</td>
<td>
  <%= link_to("Delete user", user_path(user), :data => { :confirm => "Are you sure?" }, :method => :delete, :class => 'button') unless user == current_user %>
</td>





--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/7fad56bb-534c-43d6-883a-7049d3e87105%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
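
Added example (not part of the original post, and not the poster's code): the controller above calls authorize in every action, but the thread never shows the policy those calls resolve to. Pundit policies are plain Ruby objects, so the sketch below runs without Rails. The role names "user" and "admin", the DemoUser stand-in and the rules themselves are assumptions, since the thread does not list User.roles or the real policy.

```ruby
# Plain-Ruby policy of the shape Pundit looks up for `authorize @user`:
# it builds UserPolicy.new(current_user, record) and calls the query method
# named after the controller action (index?, show?, update?, destroy?).
# A false result makes `authorize` raise Pundit::NotAuthorizedError.

# Constructed stand-in for the ActiveRecord User model (assumption).
DemoUser = Struct.new(:id, :role) do
  def admin?
    role == "admin" # assumed role name
  end
end

class UserPolicy
  attr_reader :current_user, :record

  def initialize(current_user, record)
    @current_user = current_user
    @record = record
  end

  # `authorize User` in #index passes the class itself as the record.
  def index?
    admin?
  end

  def show?
    admin? || own_record?
  end

  # secure_params permits :role, so update? is the only server-side gate
  # on who may change a role. Assumed rule: admins only, never on their
  # own account.
  def update?
    admin? && !own_record?
  end

  # _user.html.erb hides "Delete user" for current_user, but a hidden link
  # is not enforcement: the same rule has to hold here, where a hand-built
  # DELETE request is checked.
  def destroy?
    admin? && !own_record?
  end

  private

  def admin?
    !current_user.nil? && current_user.admin?
  end

  def own_record?
    !current_user.nil? && record.respond_to?(:id) && record.id == current_user.id
  end
end

# Mirrors the decision `authorize record` makes for a given action.
def permitted?(actor, action, record)
  UserPolicy.new(actor, record).public_send("#{action}?")
end
```

With after_action :verify_authorized in place, an action that forgets to call authorize raises Pundit::AuthorizationNotPerformedError instead of silently skipping the check.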
Re: How to trace a html button non-event? (Rails Authorization With Pundit)

jim-2
Hey Ralph,

The code that you posted looks good to me.  This feels like a Turbolinks issue since it goes away after a refresh - are you using Turbolinks?  If so, try disabling it.

If that doesn't work or isn't applicable, it might help if you could reproduce the issue somewhere like http://code.runnable.com

Jim


Re: How to trace a html button non-event? (Rails Authorization With Pundit)

Ralph Shnelvar-2
In reply to this post by Ralph Shnelvar
May all the gods of all the religions bless you, your house, your family, your extended family, and your friends with health, happiness, long life, and great wealth.

Jesus, I spent an entire week on this!!!

Do you know of a document or link that explains how Turbolinks works?

Ralph




Re: How to trace a html button non-event? (Rails Authorization With Pundit)

jim-2
Hey Ralph,

Happy to help!  The readme is a great resource: https://github.com/turbolinks/turbolinks

Jim
