Ruby routes and custom action
-
02-06-2021 - |
Question
I'm trying to incorporate Devise and Cancan into a web app. I want users with :role => "admin" to be able to delete users, and Devise's destroy action only allows users to delete themselves, so I've created a custom action for this purpose. (To override the plugin's controller file, I've copied the registrations controller over to app/controllers/registrations_controller.rb.)
Here is my custom action in my registrations_controller.rb:
def destroy_user_account
@user = User.find_by_id(params[:user])
@user.destroy
redirect_to profiles_path, :flash => { :success => "User deleted!" }
authorize! :destroy, User, :message => "You don't have authorisation to delete this user."
end
Here is how I'm trying to use it, in a link on the page where you view a user's profile. (I have things set up so that each user has_one profile; profiles are what you see at the front end. A profile is automatically created in the profiles table on user registration.)
<% if can? :update, @profile %>
| <%= link_to 'Edit Profile', edit_profile_path(@profile) %>
| <%= link_to 'Edit Settings', edit_settings_path %>
<% end %>
<% if can? :destroy, @profile.user %>
| <%= link_to "Delete User", destroy_user_account(@profile.user),
:class => "delete",
:confirm => "Are you sure?",
:title => "Delete #{@profile.user.name}"
%>
<% end %>
My tests are showing 2 failures that I can't resolve:
1) ProfilesController GET show when signed in as an admin should have a link to edit the profile Failure/Error: get :show, :id => @profile ActionView::Template::Error: undefined method
destroy_user_account' for #<#<Class:0x105b474a8>:0x1057f32e8> # ./app/views/profiles/show.html.erb:41:in
_app_views_profiles_show_html_erb___917863454_2195331000_0' # ./spec/controllers/profiles_controller_spec.rb:1432) ProfilesController GET show when signed in as an admin should have a link to delete the user's account (using the destroy_user_account action in the registrations controller) Failure/Error: get :show, :id => @profile ActionView::Template::Error: undefined method
destroy_user_account' for #<#<Class:0x105b474a8>:0x105806d20> # ./app/views/profiles/show.html.erb:41:in
_app_views_profiles_show_html_erb___917863454_2195331000_0' # ./spec/controllers/profiles_controller_spec.rb:148
Also, when I try it out in my browser, clicking on the "Delete user" link gets me the following error:
Routing Error
No route matches "/destroy-user-account/2"
Here are the routes that should cover this:
devise_for :users, #:path => '', :skip => [ :confirmations, :passwords, :registrations ], :controllers => { :registrations => "registrations" } do
# Routes for ACCOUNT REGISTRATIONS get "join", :to => "registrations#new", :as => :new_user_registration post "join", :to => "registrations#create", :as => :user_registration get "settings/account", :to => "registrations#show", :as => :settings get "settings/account/edit", :to => "registrations#edit", :as => :edit_settings put "settings/account", :to => "registrations#update", :as => :update_settings delete "close-my-account/:id", :to => "registrations#destroy", :as => :close_my_account delete "destroy-user-account/:id", :to => "registrations#destroy_user_account", :as => :destroy_user_account
Can anyone help with what I'm doing wrong?
Solution
In the browser it isn't matching the route because you're sending a GET
request but the route only matches a DELETE
request. The test fails because the route gives the name destroy_user_account_path
instead of destroy_user_account
.
Try:
<%= link_to "Delete User", destroy_user_account_path(@profile.user),
:class => "delete",
:confirm => "Are you sure?",
:title => "Delete #{@profile.user.name}"
:method => :delete
%>