User ID is NULL when saving record for logged in user

Question

I am starting to learn rails and have run into a problem. I am writing a simple application (similar to the twitter tutorials I have seen) where a user logs in and creates a new post.

When a user logs in, I am setting the session information as follows

    session[:id] = authorized_user.id
    session[:email] = authorized_user.email

So now I have the ID of the user logged in. Upon login, the user is brought to a form where they can submit a new post (3 fields.) When user clicks submit, I want to create a new record with the data they entered, and associate the record to that user (User ID). I am not exactly sure how to do this.

Below is the code on the controller:

def create
#Used for creating new status posts
#Need to get the ID of the user logged in
@user = AdminUser.find(session[:id])
#Instantiate new object using form parameters
@post = Post.new(post_params) 
@post.AdminUser = @user  # THIS IS THE LINE NOT WORKING
#Save the object
if @post.save
  #If save succeeds, redirect to the index action
  flash[:notice] = "Status has been saved"
  redirect_to(:action => 'index')
else
  #If the save fails, redisplay the form so user can fix problems
  render('new')
end
end

Here is the Private method for post_params

def post_params
#Defining the params that are allowed to be passed with forms.
params.require(:post).permit(:post_status, :post_title, :post_content)
end 

The record is saved but the UserID for the record is NULL.

My first instict was to try to pass UserID as a post parameter, but i think this is a potential security risk, so I am trying to figure out an alternate way. I am sure it is something simple and I am just missing it.

Answer 1

Rewrite the line like this, taking UserID as the column name in posts table

@post.UserID = @user.id

Answer 2

Attributes

Firstly,

@post.AdminUser = @user  # THIS IS THE LINE NOT WORKING

You should use snake_case for your attribute names (you're using CamelCase). Calling an attribute AdminUser has all sorts of potential issues which will arise down the line.

Call it admin_user or admin_id or something similar

--

Params

Secondly,

I want to create a new record with the data they entered, and associate the record to that user (User ID)

If you're trying to save a "dependent" record for an object (for example, saving a post for a user), you'll have to assign the user_id record yourself, and pass it through the params, like so:

#app/controllers/posts_controller.rb
Class PostsController < ApplicationController
    def create
         @post = Post.new(post_params)
         @post.save
    end

    private

    def post_params
        params.require(:post).permit(:title, :body).merge({user_id: authorized_user.id})
    end
end

When you create an element in your app, you're basically just taking data from the params hash & sending to the model to save. This is done using the strong_params functionality introduced in Rails 4:

    def post_params
        params.require(:post).permit(:title, :body).merge({user_id: authorized_user.id})
    end

As you can see from my example above, you basically need to be able to send through the user_id / admin_id / AdminUser value through to the model (so it can save)

You can also do this by setting the attribute as the example below:

#app/controllers/posts_controller.rb
def create
   @post = Post.new(post_params)
   @post.user_id = authorized_user.id
   @post.save
end

private

def post_params
    params.require(:post).permit(:title, :body, :user_id)
end

--

You should also look at the difference between authentication & autorhization for better definition of your logged-in user object :)