Delete data from 2 different models

I have this code inside the account controller in the “destroy” method
def destroy
@account = Account.find(params[:id])
@portal = Portal.find(:all, :conditions => [‘account_id = ?’,
@account.id ])
@portal.destroy
@account.destroy
end
any ideas?

the error displays this:

NoMethodError in AccountsController#destroy

undefined method destroy' for #<Array:0x47982a0> app/controllers/ accounts_controller.rb:78:indestroy’
Request

Parameters:

{"_method"=>“delete”,
“authenticity_token”=>“f8c32ed76159e1b51b0883ef72a4ab801b92d322”,
“id”=>“11”}

Try

for portal in @portal
portal.destroy
end

Because when you do Portal.find I think you’re getting an array, not a
portal? </random guess>

Thank you!,

Awesome. i was stuck over there,
the answere is so simple.

I love rails.

The better way would be to use :dependent => :destroy in the model.

class Account << ActiveRecord::Base
has_many :portals, :dependent => :destroy
end

and in the controller,

def destroy
@account = Account.find(params[:id])
@account.destroy
end

I believe this will work.

Hey Greg,

It’s not a bad idea if you’re passing an id direct into params. I do
believe in this format it’s properly sanitized already.

It converts it using the “to_i” function, because it assumes a primary
key lookup. “to_i” will yield to an integer value of 0 when applied to
a string.

There’s absolutely no problem with passing a param value directly into
find using this method of find.

If you’re passing it in as a condition, however, then yes, use the
question-mark or named-param method which will sanitize it better.

Julian.

Learn Ruby on Rails! Check out the FREE VIDS (for a limited time)
VIDEO #4 parts a and b now available!
http://sensei.zenunit.com/

On Tue, May 13, 2008 at 12:00 AM, Julian L.
[email protected] wrote:

It’s not a bad idea if you’re passing an id direct into params. I do
believe in this format it’s properly sanitized already.

I said it’s a bad habit to get into, and it is. The day will come
when you will make a custom route with a fairly liberal regular
expression that will allow an SQL exploit. It’s best to just never
develop the habit of trusting params to begin with.


Greg D.
http://destiney.com/

Greg D. wrote:

On Mon, May 12, 2008 at 3:36 AM, Karthi kn
[email protected] wrote:

@account = Account.find(params[:id])
@account.destroy

Passing params data directly to find() is a bad habit to get into.

Account.find( :first, :conditions => [ ‘id = ?’, params[:id] ]
).destroy rescue nil

I may be wrong here, but the primary problem seems to be being able to
delete arbitrary accounts (in this case) by passing in the right
parameters. You might want to limit the scope of the delete to the
current user like this:

class ApplicationController < ActionController::Base
def current_user
@current_user ||= User.find session[:user_id] if
!session[:user_id].blank?
end
end

And in your controller:

current_user.account.find(params[:id]).destroy

On Mon, May 12, 2008 at 3:36 AM, Karthi kn
[email protected] wrote:

@account = Account.find(params[:id])
@account.destroy

Passing params data directly to find() is a bad habit to get into.

Account.find( :first, :conditions => [ ‘id = ?’, params[:id] ]
).destroy rescue nil


Greg D.
http://destiney.com/

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs