Destroying Users in Java

10.4 Destroying Users
Now that the user index is complete, there's only one canonical REST action left: destroy. In this section, we'll add links to delete users, as mocked up in Figure 10.12, and define the destroy action necessary to accomplish the deletion. But first, we'll create the class of administrative users authorized to do so.
10.4.1 Administrative Users
We will identify privileged administrative users with a boolean admin attribute in the User model, which will lead to an admin? method to test for admin status. We can write tests for this attribute as in Listing 10.34.
Listing 10.34. Tests for an admin attribute
spec/models/user_spec.rb
describe User do
  # Earlier examples omitted; @attr is assumed to be the valid attribute
  # hash defined earlier in this spec.

  describe "admin attribute" do

    before(:each) do
      @user = User.create!(@attr)
    end

    it "should respond to admin" do
      @user.should respond_to(:admin)
    end

    it "should not be an admin by default" do
      @user.should_not be_admin
    end

    it "should be convertible to an admin" do
      @user.toggle!(:admin)
      @user.should be_admin
    end
  end
end
A mockup of the user index with delete links
Here we've used the toggle! method to flip the admin attribute from true to false. Also note that the line
@user.should be_admin
implies (via the RSpec boolean convention) that the user should have an admin? boolean method. We add the admin attribute with a migration as usual, indicating the boolean type on the command line:
$ rails generate migration add_admin_to_users admin:boolean
The migration simply adds the admin column to the users table (Listing 10.35), yielding the data model in Figure 10.13.
Listing 10.35. The migration to add a boolean admin attribute to users
db/migrate/<timestamp>_add_admin_to_users.rb
class AddAdminToUsers < ActiveRecord::Migration
  def self.up
    # New users are not administrators unless explicitly toggled.
    add_column :users, :admin, :boolean, :default => false
  end

  def self.down
    remove_column :users, :admin
  end
end
users
id                  integer
name                string
email               string
encrypted_password  string
salt                string
remember_token      string
admin               boolean
created_at          datetime
updated_at          datetime
Figure 10.13. The User model with an added admin boolean attribute
10: Updating, Showing, and Deleting Users
Note that we've added the argument :default => false to add_column in Listing 10.35, which means that users will not be administrators by default. (Without the :default => false argument, admin will be nil by default, which is still false, so this step is not strictly necessary. It is more explicit, though, and communicates our intentions more clearly both to Rails and to readers of our code.) Finally, we migrate the development database and prepare the test database:
$ rake db:migrate
$ rake db:test:prepare
As expected, Rails figures out the boolean nature of the admin attribute and automatically adds the question-mark method admin?:[11]
$ rails console
>> user = User.first
>> user.admin?
=> false
>> user.password = "foobar"
>> user.toggle!(:admin)
=> true
>> user.admin?
=> true
As a final step, let's update our sample data populator to make the first user an admin (Listing 10.36).
Listing 10.36. The sample data populator code with an admin user
lib/tasks/sample_data.rake
require 'faker'

namespace :db do
  desc "Fill database with sample data"
  task :populate => :environment do
    Rake::Task['db:reset'].invoke
    admin = User.create!(:name => "Example User",
                         :email => "example@railstutorial.org",
                         :password => "foobar",
                         :password_confirmation => "foobar")
    # admin is not mass-assignable, so it is set explicitly after creation.
    admin.toggle!(:admin)
  end
end
11. The toggle! method invokes the Active Record callbacks but not the validations, so we have to set the password attribute (but not the confirmation) in order to have a non-blank password in the encrypt_password callback.
Finally, re-run the populator to reset the database and then rebuild it from scratch:
$ rake db:populate
Revisiting attr_accessible
You might have noticed that Listing 10.36 makes the user an admin with toggle!(:admin), but why not just add :admin => true to the initialization hash? The answer is, it won't work, and this is by design: only attr_accessible attributes can be assigned through mass assignment, and the admin attribute isn't accessible. Listing 10.37 reproduces the most recent list of attr_accessible attributes; note that :admin is not on the list.
Listing 10.37. The attr_accessible attributes for the User model without an :admin attribute
app/models/user.rb
class User < ActiveRecord::Base
  attr_accessor :password
  # Allow-list for mass assignment; :admin is deliberately absent.
  attr_accessible :name, :email, :password, :password_confirmation
end
Explicitly defining accessible attributes is crucial for good site security. If we omitted the attr_accessible list in the User model (or foolishly added :admin to the list), a malicious user could send a PUT request as follows:[12]
12. Command-line tools such as curl (seen in Box 3.2) can issue PUT requests of this form.
put /users/17?admin=1
This request would make user 17 an admin, which could be a potentially serious security breach, to say the least. Because of this danger, it is a good practice to define attr_accessible for every model.
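The effect of the allow-list can be seen without a Rails application. The following is an added example, not code from the book or from Rails: a plain-Ruby stand-in that mimics attr_accessible filtering, run against the same kind of parameters as the request above. TinyModel, OpenUser, GuardedUser and FORGED_PARAMS are hypothetical names, and the parameter values are constructed.

```ruby
# Plain-Ruby stand-in for allow-list mass assignment (not ActiveRecord code).
class TinyModel
  # Class macro mirroring attr_accessible: record the permitted keys.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  # nil means no allow-list was declared, so every key is assignable.
  def self.accessible
    @accessible
  end

  attr_reader :attributes

  def initialize
    @attributes = { "admin" => false }
  end

  # Mass assignment: keys outside the allow-list are skipped and returned.
  def update_attributes(params)
    allowed = self.class.accessible
    rejected = []
    params.each do |key, value|
      if allowed.nil? || allowed.include?(key.to_s)
        @attributes[key.to_s] = value
      else
        rejected << key.to_s
      end
    end
    rejected
  end

  # Explicit single-attribute write, the route toggle!(:admin) takes.
  def toggle!(name)
    @attributes[name.to_s] = !@attributes[name.to_s]
  end

  def admin?
    @attributes["admin"] ? true : false
  end
end

class OpenUser < TinyModel; end # no attr_accessible: the risky case

class GuardedUser < TinyModel
  attr_accessible :name, :email, :password, :password_confirmation
end

# Constructed parameters, as parsed from a request like the PUT above.
FORGED_PARAMS = { "name" => "Mallory", "admin" => "1" }.freeze
```

Returning the rejected keys gives the caller something to log, so an attempt to set admin through a form shows up as an event rather than being dropped silently.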