Chris Oliver

Doh! That would make a LOT of sense. I need to learn more about how to write my jQuery better for turbolinks support but I always notice things that it caches weird navigation items.

And thanks! We've got a lot of great plans to just keep improving things. :)

Hmm, what does your javascript look like?

Oh interesting, it definitely could be then. I haven't seen that lib before but that's cool. I like that it works across rows. Stupid that CSS can't do it easily!

Interesting regarding the refresh problem. Your code seems fine, but are there any Javascript errors on the page the first time you load it?

Awesome!! :)

That seems right, but it sounds like your JS is making a POST to the create action. Which means your sort action isn't being called.

Basically this Started POST "/admin/sections" for 127.0.0.1 at 2014-12-19 14:26:28 +0100
Should be Started POST "/admin/sections/sort" for 127.0.0.1 at 2014-12-19 14:26:28 +0100

And there is something causing your JS to POST to the wrong URL.

I think your JS isn't grabbing the update-url attribute because your attribute doesn't match. You've got $(this).data('update_url') in the JS but data-update-url in the view. Data attributes always use dashes, so I'm guessing that this returns a null and it POSTs to the current url which is /admin/sections.

Change that to $(this).data('update-url') and I think you'll be alright. Does that make sense?

The goal is not to use passwords for ssh so it is more secure. You'll just need to copy your ssh public key to the deploy user with ssh-copy-id. Double check that you can ssh into deploy without a password so Capistrano can too.

Does your update_url data attribute point to /sections/sort?

Ah ha! That's sending to your create action, but you have a sort action for sorting. You'll need to update your JS to point to the sort sections route.

You would have to have an API endpoint for user creation that doesn't require an API key. It would be just like having a form on a website more or less. Check this out for a decent example on how to build an endpoint like this: http://stackoverflow.com/a/...

Oh duh. You probably don't need strong_params for this. Your original logs were calling section_params so I was thinking about fixing that.

Your sort method should work fine like that unless the update_all query needs to get different parameters in the new ActiveRecord versions but you should be good.

That's a good idea. I'll hook that in soon.

You don't have to run it manually like you do in development. When you run Capistrano, it runs bundler which installs the Rails gem. Then, Nginx is always running and it fires up Passenger which starts your Rails app for you. So basically Nginx is the thing that runs your Rails app in production and all you need to do is make sure Nginx is running.

Since that user can add access to other users specific to that post, you'll probably want to create a join table between the two and then use CanCanCan to verify if they are the owner or an editor.

Right now you probably have this:

class Post
  belongs_to :user
end

class User
  has_many :posts
end

And if you refactor so that the users are stored in a join table, you can have multiple users with access to a post:

class Post
  has_many :post_users
  has_many :users, through: :post_users
end

class PostUser
  belongs_to :post
  belongs_to :user
end

class User
  has_many :post_users
  has_many :posts, through: :post_users
end

When you create a post, you'll want to add @post.users << current_user so that the person who created the post is in the users list.
You can add another action to give access to another user which just accepts a user_id and does something like the following:

def add_user
  @user = User.find(params[:user_id])
  @post.users << @user
  redirect_to @post, notice: "#{@user.name} can now edit the post"
end

Then you can simply use CanCanCan to check if the user is in the users array for a post. If they are they can manage the post; if they aren't they can't manage the post.

Does that make sense for what you want?

Oh that's a good point. It's not formatted properly for strong_params, so you'd have trouble with it accepting things. I'll definitely plan on covering an update to that to how to do it formatted a little more standardized for strong_params.

In the meantime, you should be able to change your require & permit to just this:

def order_params
  params.permit(section: [])
end

Note that you'll only want to use this on the sort action and not the rest of the regular crud actions.

Maybe they aren't using something as friendly as Ruby on Rails. ;-)

Exactly! Devise uses a "reset_password_token" that gets sent over email to you. When you click the link, the token is in the url and then gets put in the new password form. When you submit the form, it looks up your user by that token and then updates your password and signs you in.

<3

Here's a first episode on the topic! :) https://gorails.com/episodes/api-tokens-with-devise-token-authenticatable

API tokens in Redis would be useful for accessing them very quickly without hitting the database. Performance would be the primary reason here and you could also have them autoexpire using the built in Redis expiration functionality

Paste a Github gist of your code and the HTML it generates and I'll take a look for ya!