Rails - May 2008 - delete data from 2 different models

I''m trying to delete an account but at the same time i''d like
to
delete the portals that belongs to the account.
This is what i wrote but it''s not working.
how can i deal with this problem?

I have this code inside the account controller in the "destroy" method
def destroy
  @account = Account.find(params[:id])
  @portal = Portal.find(:all, :conditions => [''account_id =
?'',
@account.id ])
  @portal.destroy
  @account.destroy
end
any ideas?

the error displays this:

NoMethodError in AccountsController#destroy

undefined method `destroy'' for #<Array:0x47982a0>
app/controllers/accounts_controller.rb:78:in `destroy''
Request

Parameters:

{"_method"=>"delete",
 "authenticity_token"=>"f8c32ed76159e1b51b0883ef72a4ab801b92d322",
 "id"=>"11"}

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I have this code inside the account controller in the "destroy" method
def destroy
  @account = Account.find(params[:id])
  @portal = Portal.find(:all, :conditions => [''account_id =
?'',
@account.id ])
  @portal.destroy
  @account.destroy
end
any ideas?

the error displays this:

NoMethodError in AccountsController#destroy

undefined method `destroy'' for #<Array:0x47982a0>
app/controllers/
accounts_controller.rb:78:in `destroy''
Request

Parameters:

{"_method"=>"delete",
 "authenticity_token"=>"f8c32ed76159e1b51b0883ef72a4ab801b92d322",
 "id"=>"11"}

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Try

for portal in @portal
portal.destroy
end

Because when you do Portal.find I think you''re getting an array, not a
portal? </random guess>

On May 9, 12:38 pm, RoR_Nb
<raveloteterocabi...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I have this code inside the account controller in the "destroy"
method
> def destroy
>   @account = Account.find(params[:id])
>   @portal = Portal.find(:all, :conditions => [''account_id =
?'',
> @account.id ])
>   @portal.destroy
>   @account.destroy
> end
> any ideas?
>
> the error displays this:
>
> NoMethodError in AccountsController#destroy
>
> undefined method `destroy'' for #<Array:0x47982a0>
app/controllers/
> accounts_controller.rb:78:in `destroy''
> Request
>
> Parameters:
>
> {"_method"=>"delete",
> 
"authenticity_token"=>"f8c32ed76159e1b51b0883ef72a4ab801b92d322",
>  "id"=>"11"}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Thank you!,

Awesome. i was stuck over there,
the answere is so simple.

I love rails.

On May 9, 10:38 am, RoR_Nb
<raveloteterocabi...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> I have this code inside the account controller in the "destroy"
method
> def destroy
>   @account = Account.find(params[:id])
>   @portal = Portal.find(:all, :conditions => [''account_id =
?'',
> @account.id ])
>   @portal.destroy
>   @account.destroy
> end
> any ideas?
>
> the error displays this:
>
> NoMethodError in AccountsController#destroy
>
> undefined method `destroy'' for #<Array:0x47982a0>
app/controllers/
> accounts_controller.rb:78:in `destroy''
> Request
>
> Parameters:
>
> {"_method"=>"delete",
> 
"authenticity_token"=>"f8c32ed76159e1b51b0883ef72a4ab801b92d322",
>  "id"=>"11"}
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

The better way would be to use :dependent => :destroy in the model.

class Account << ActiveRecord::Base
  has_many :portals, :dependent => :destroy
end

and in the controller,

def destroy
  @account = Account.find(params[:id])
  @account.destroy
end

I believe this will work.
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Mon, May 12, 2008 at 3:36 AM, Karthi kn
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
>   @account = Account.find(params[:id])
>   @account.destroy
Passing params data directly to find() is a bad habit to get into.

Account.find( :first, :conditions => [ ''id = ?'',
params[:id] ]
).destroy rescue nil


-- 
Greg Donald
http://destiney.com/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hey Greg,

It''s not a bad idea if you''re passing an id direct into
params. I do
believe in this format it''s properly sanitized already.

It converts it using the "to_i" function, because it assumes a primary
key lookup. "to_i" will yield to an integer value of 0 when applied to
a string.

There''s absolutely no problem with passing a param value directly into
find using this method of find.

If you''re passing it in as a condition, however, then yes, use the  
question-mark or named-param method which will sanitize it better.

Julian.

Learn Ruby on Rails! Check out the FREE VIDS (for a limited time)  
VIDEO #4 parts a and b now available!
http://sensei.zenunit.com/


On 13/05/2008, at 2:20 PM, Greg Donald wrote:
>
> On Mon, May 12, 2008 at 3:36 AM, Karthi kn
> <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>  @account = Account.find(params[:id])
>>  @account.destroy
>
> Passing params data directly to find() is a bad habit to get into.
>
> Account.find( :first, :conditions => [ ''id = ?'',
params[:id] ]
> ).destroy rescue nil
>
>
> -- 
> Greg Donald
> http://destiney.com/
>
> >







--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Tue, May 13, 2008 at 12:00 AM, Julian Leviston
<julian-AfxEtdRqmE/tt0EhB6fy4g@public.gmane.org>
wrote:
>  It''s not a bad idea if you''re passing an id direct into
params. I do
>  believe in this format it''s properly sanitized already.
I said it''s a bad _habit_ to get into, and it is.  The day will come
when you will make a custom route with a fairly liberal regular
expression that will allow an SQL exploit.  It''s best to just never
develop the habit of trusting params to begin with.


-- 
Greg Donald
http://destiney.com/

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Greg Donald wrote:
> On Mon, May 12, 2008 at 3:36 AM, Karthi kn
> <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>   @account = Account.find(params[:id])
>>   @account.destroy
> 
> Passing params data directly to find() is a bad habit to get into.
> 
> Account.find( :first, :conditions => [ ''id = ?'',
params[:id] ]
> ).destroy rescue nil
> 

I may be wrong here, but the primary problem seems to be being able to 
delete arbitrary accounts (in this case) by passing in the right 
parameters.  You might want to limit the scope of the delete to the 
current user like this:

class ApplicationController < ActionController::Base
  def current_user
    @current_user ||= User.find session[:user_id] if 
!session[:user_id].blank?
  end
end

And in your controller:

current_user.account.find(params[:id]).destroy
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---