I'm trying to build a very basic Rails app for posting images with a comment. The comment is a required field and the image upload should only go ahead if the comments section has a value, displaying an error message otherwise.
The problem I am having is that even when the comments section is filled in it still displays an error saying that it cannot be blank.
I have tried adding attr_accessor's with the html field names and database values but it makes no difference.
Posts model
class Post < ActiveRecord::Base
has_attached_file :picture, styles: { medium: "300x300>", thumb: "100x100>" }
attr_accessor :picture_file_name
attr_accessor :post_description
validates :description, presence: true
end
Posts controller
class PostsController < ApplicationController
def index
#posts = Post.all
end
def new
#post = Post.new
end
def create
#post = Post.new params[:post].permit(:description, :picture)
if #post.save
redirect_to '/posts'
else
render 'new'
end
end
end
new.html.erb
<% if #post.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(#post.errors.count, "error") %> prohibited this post from being saved:</h2>
<ul>
<% #post.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
</ul>
</div>
<% end %>
<%= form_for #post, :html => { :multipart => true } do |f| %>
<%= f.label :description %>
<%= f.text_area :description %>
<%= f.label :picture %>
<%= f.file_field :picture %>
<%= f.submit %>
<% end %>
Server readout
=> Booting WEBrick
=> Rails 4.0.4 application starting in development on http://0.0.0.0:3000
=> Run `rails server -h` for more startup options
=> Ctrl-C to shutdown server
[2014-04-20 17:59:07] INFO WEBrick 1.3.1
[2014-04-20 17:59:07] INFO ruby 2.1.0 (2013-12-25) [x86_64-darwin12.0]
[2014-04-20 17:59:07] INFO WEBrick::HTTPServer#start: pid=98772 port=3000
Started POST "/posts" for 127.0.0.1 at 2014-04-20 17:59:21 +0100
ActiveRecord::SchemaMigration Load (0.2ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by PostsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"nVrCEAdT+epbltQWR74jtv1weGaq6H7YbWQKFfJNDTw=", "post"=>{"description"=>"test comment", "picture"=>#<ActionDispatch::Http::UploadedFile:0x0000010242f740 #tempfile=#<Tempfile:/var/folders/lm/vrw53rx91831vrh4228m0mfw0000gn/T/RackMultipart20140420-98772-1c9msrz>, #original_filename="dory_2.jpg", #content_type="image/jpeg", #headers="Content-Disposition: form-data; name=\"post[picture]\"; filename=\"dory_2.jpg\"\r\nContent-Type: image/jpeg\r\n">}, "commit"=>"Create Post"}
WARNING: Can't mass-assign protected attributes for Post: description, picture
app/controllers/posts_controller.rb:12:in `create'
(0.1ms) begin transaction
(0.1ms) rollback transaction
Rendered posts/new.html.erb within layouts/application (13.1ms)
Completed 200 OK in 105ms (Views: 65.6ms | ActiveRecord: 0.4ms)
Your params & form look okay
But I would change your strong params to be more conventional:
def create
#post = Post.new(post_params)
#post.save
end
private
def post_params
params.require(:post).permit(:description, :picture)
end
I found the problem.
The issue was that I had originally installed the latest version of Paperclip and then downgraded.
I had added the following gem while I was searching for a solution
gem 'protected_attributes'
This was causing all required fields not to register they were being filled in, such as in user sign up fields etc.
Once that gem was removed it worked just fine.
Related
Hey here! I'm kinda new to Rails and I've been trying to find some answers but no luck yet so here we go.
I've set up a basic Rails app and just trying to save a Client to my database with a validation but nothing seems to be coming together. Anyone could point me to the right direction please or let me know what I've been doing wrong in my code.
I keep getting errors like this:
NoMethodError in Clients#new
Showing /Users/******/Documents/******/*****/app/views/clients/_form.html.erb where line #1 raised:
undefined method `clients_path' for #<ActionView::Base:0x00000000064a50>
Did you mean? clients_new_path
Even if I remove #client = Client.new from the new method I can view the page but nothing gets saved.
I'm stuck really now so any help much appreciated!
Thanks!
My Routes.rb file:
Rails.application.routes.draw do
mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
get 'dashboard/index'
root to: "home#index"
devise_for :users, controllers: {
sessions: 'users/sessions',
passwords: 'users/passwords',
registrations: 'users/registrations'
}
get '/clients/index'
get '/clients/new'
get '/clients/edit'
get '/clients/delete'
get '/clients/:id', to: 'clients#show'
post '/clients/new', to: 'clients#create'
end
My Dashboard file:
<% if user_signed_in? %>
<nav class="subnav">
<ul>
<li><%= link_to('My Clients', clients_index_path) %></li>
<li><%= link_to('Add Client', clients_new_path) %></li>
<li><%= link_to('Edit registration', edit_user_registration_path) %></li>
<li><%= link_to('Logout', destroy_user_session_path, :method => :delete) %></li>
</ul>
</nav>
<% else %>
<%= link_to('Register', new_user_registration_path) %>
<%= link_to('Login', new_user_session_path) %>
<% end %>
My ClientsController file:
class ClientsController < ApplicationController
def index
#clients = Client.all
end
def new
#client = Client.new
end
def show
#client = Client.find(params[:id])
end
def create
#client = Client.new(client_params)
if #client.save
redirect_to #client
else
render :new
end
end
def edit
end
def delete
end
private
def client_params
params.require(:client).permit(:name, :provider)
end
end
My form:
<%= form_with model: #client do |form| %>
<div>
<%= form.label :name %><br>
<%= form.text_field :name %>
<% client.errors.full_messages_for(:name).each do |message| %>
<div><%= message %></div>
<% end %>
</div>
<div>
<%= form.label :provider %><br>
<%= form.text_field :provider %>
</div>
<div>
<%= form.label :business_type %><br>
<%= form.select :business_type, ["Partnership", "Sole Trader", "Limited Company"] %>
</div>
<div>
<%= form.submit %>
</div>
<% end %>
Finally my new.html.erb file:
<h1>Clients#new</h1>
<%= render 'form', client: #client %>
clients_path is generated by resources :clients, only: :index or you probably need to give your route the name you want. Try this
get '/clients/index', as: :clients
or, if you want to specify non default paths as you're doing, your index is probably called clients_index_path, but you can check that with a rake routes or rails routes, because I'm not sure.
That said, I suggest you to go with the resources method in your routes file and use the default paths as you're trying to do. Something like
resources :clients
but now you don't have a path like /clients/index no more, just /clients for the index action.
If you're in doubts with routes try to read the guide about routing
The Rails way to declare the routes to Create, Update, Read and Destroy (CRUD) a resource is just:
Rails.application.routes.draw do
mount RailsAdmin::Engine => '/admin', as: 'rails_admin'
get 'dashboard/index'
root to: "home#index"
devise_for :users, controllers: {
sessions: 'users/sessions',
passwords: 'users/passwords',
registrations: 'users/registrations'
}
resources :clients
end
As you can see by the annotions above each method Rails does not add the "action" to the path except for the new and edit routes:
class ClientsController < ApplicationController
before_action :set_client, only: [:show, :edit, :update, :destroy]
# GET /clients
def index
#clients = Client.all
end
# GET /clients/1
def show
end
# GET /clients/new
def new
#client = Client.new
end
# POST /clients
def create
#client = Client.new(client_params)
if #client.save
redirect_to #client
else
render :new
end
end
# GET /clients/edit
def edit
end
# PATCH /clients/1
def update
if #client.update(client_params)
redirect_to #client
else
render :edit
end
end
# DELETE /clients/1
def delete
#client.destroy
redirect_to action: :index,
notice: 'Client deleted'
end
private
def set_client
#client = Client.find(params[:id])
end
def client_params
params.require(:client).permit(:name, :provider)
end
end
Thus you don't create resources with post '/clients/new' - You use POST /clients. Also when you use the "bare-bones" routing methods such as match, get, post etc Rails does not automatically add routing helper. If you actually wanted to generate the equivilent routes you would need to use:
post '/clients',
to: 'clients#create',
as: :clients
But you're much better off embracing the conventions and learning to use them to be productive.
After creating a form for the "contact us" page, I have validated the form to display "Message sent" and "Error occurred" when it is completed or left incomplete respectively.
Now when I fill the form properly and press submit, it shows "Error occurred" when it shouldn't.
This is what the terminal says when I press submit -
Started GET "/contacts/new" for 180.151.19.136 at 2020-09-08 20:25:29 +0000
Cannot render console from 180.151.19.136! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by ContactsController#new as HTML
Rendering contacts/new.html.erb within layouts/application
Rendered contacts/new.html.erb within layouts/application (2.1ms)
Completed 200 OK in 40ms (Views: 39.0ms)
Started POST "/contacts" for 180.151.19.136 at 2020-09-08 20:25:37 +0000
Cannot render console from 180.151.19.136! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by ContactsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"d6NOXW1mPMhhLExK/ltaYtCXWKykEcSXcGJv9O4eQ6NIDr9xmEDa+tqZmB0YdnThiydVWWoWGRGQ/8H9eR4ztw==", "contact"=>{"name"=>"okay okay"}, "commit"=>"Submit"}
(0.1ms) begin transaction
(0.0ms) rollback transaction
Redirected to https://dfb077768d054560bf89dc972cd52d7c.vfs.butt9.us-east-2.amazonaws.com/contacts/new
Completed 302 Found in 4ms
Started GET "/contacts/new" for 180.151.19.136 at 2020-09-08 20:25:38 +0000
Cannot render console from 180.151.19.136! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
Processing by ContactsController#new as HTML
Rendering contacts/new.html.erb within layouts/application
Rendered contacts/new.html.erb within layouts/application (3.0ms)
Completed 200 OK in 51ms (Views: 50.1ms)
This is my contact us page code, new.html.erb -
<div class="container">
<div class="row">
<h3 class="text-center">Contact Us</h3>
<div class="col-md-4 col-md-offset-4">
<%= flash[:notice] %>
<div class="well">
<%= form_for #contact do |f| %>
<div class="form-group">
<%= f.label :name %>
<%= f.text_field :name, class: 'form-control' %>
</div>
<div class="form-group">
<%= f.label :email %>
<%= f.text_field :**name**, class: 'form-control' %>
</div>
<div class="form-group">
<%= f.label :comments %>
<%= f.text_area :**name**, class: 'form-control' %>
</div>
<%= f.submit 'Submit', class: 'btn btn-default'%>
<% end %>
</div>
</div>
</div>
</div>
This is the contact.rb code -
class Contact < ActiveRecord::Base
validates :name, presence: true
validates :email, presence: true
validates :comments, presence: true
end
And this is the code on my controller file, contacts_controller.rb -
class ContactsController < ApplicationController
def new
#contact = Contact.new
end
def create
#contact = Contact.new(contact_params)
if #contact.save
redirect_to new_contact_path, notice: "Message sent."
else
redirect_to new_contact_path, notice: "Error occured."
end
end
private
def contact_params
params.require(:contact).permit(:name, :email, :comments)
end
end
This is the code I found on someone else's contacts_controller file following the same course -
class ContactsController < ApplicationController
# GET request to /contact-us
# Show new contact form
def new
#contact = Contact.new
end
# POST request /contacts
def create
# Mass assignment of form fields into contact object
#contact = Contact.new(contact_params)
# Save the Contact object to the database
if #contact.save
# Store form fields via parameters, into variables
name = params[:contact][:name]
email = params[:contact][:email]
body = params[:contact][:comments]
# Plug variables into Contact Mailer
# email method and send email
ContactMailer.contact_email(name, email, body).deliver
# Store success method in flash hash
# and redirect to the new action
flash[:success] = "Message sent."
redirect_to root_path
else
# If Contact object doesn't save,
# render to the new action
render 'new'
end
end
private
# To collect data from form, we need to use
# strong parameters and white list form fields
def contact_params
params.require(:contact).permit(:name, :email, :comments)
end
end
All my work can be found here. Please let me know if you require any other information.
Thank you for your time and help.
EDIT 1 - So the error was in new.html.erb. f.text_field/area had
'name' instead of the respective label name.
I fixed that and used the code I provided above and it is working now.
try this
def create
#contact = Contact.new
if #contact.update(contact_params)
redirect_to new_contact_path, notice: "Message sent."
else
redirect_to new_contact_path, notice: "Error occured."
end
end
So the error was in new.html.erb. f.text_field/area had 'name' instead of the respective label name.
I fixed that by replacing 'name' with 'email' and 'comments' respectively and used the code I provided above and it is working now.
I am following ruby-on-rails instruction guide to creating a simple blog web application: https://guides.rubyonrails.org/getting_started.html#generating-a-controller
All my project files are pretty much the same as the ones in the guide.
app/views/articles/show.html.erb
<p>
<strong>Title:</strong>
<%= #article.title %>
</p>
<p>
<strong>Text:</strong>
<%= #article.text %>
</p>
<h2>Add a comment:</h2>
<%= render 'comments/form' %>
<h2>Comments (<%= #article.comments.count %>)</h2>
<%= render 'comment_section' %>
<%#= render #article.comments %>
<%= link_to 'Edit', edit_article_path(#article) %> |
<%= link_to 'Delete', article_path(#article),
method: :delete,
data: {confirm: 'Are you sure?'} %> |
<%= link_to 'Back', articles_path %>
app/views/comments/_form.html.erb
<%= form_with(model: [#article, #article.comments.build], local: true) do |form| %>
<p>
<%= form.label :commenter %><br>
<%= form.text_field :commenter %>
</p>
<p>
<%= form.label :body %><br>
<%= form.text_area :body %>
</p>
<p>
<%= form.submit %>
</p>
<% end %>
app/views/articles/_comment_section.html.erb
<% if #article.comments.count > 0 %>
<%= render #article.comments %>
<% else %>
<p>There are no comments yet!</p>
<% end %>
app/views/comments/_comment.html.erb
<p>
<strong>Commenter:</strong>
<%= comment.commenter %>
</p>
<p>
<strong>Comment:</strong>
<%= comment.body %>
</p>
<p>
<%= link_to 'Delete comment', [comment.article, comment],
method: :delete,
data: {confirm: 'Are you sure you want to delete this comment?'}
%>
A simple article with no comments works as expected:
However, when showing an article with some actual comments, an extra empty comment gets displayed at the end:
When I try to delete that comment I get the following error (11 in the path is the article_id):
Deleting other comments works fine.
Rest of the files that I think might be relevant:
app/config/routes.rb
Rails.application.routes.draw do
get 'welcome/index'
resources :articles do
resources :comments
end
root 'welcome#index'
end
app/models/article.rb
class Article < ApplicationRecord
has_many :comments, dependent: :destroy
validates :title, presence: true, length: {minimum: 5}
end
app/models/comment.rb
class Comment < ApplicationRecord
belongs_to :article
end
app/controllers/articles_controller.rb
class ArticlesController < ApplicationController
def index
#articles = Article.all
end
def show
#article = Article.find(params[:id])
end
def new
#article = Article.new
end
def edit
#article = Article.find(params[:id])
end
def create
#article = Article.new(article_params)
if #article.save
redirect_to #article
else
render 'new'
end
end
def update
#article = Article.find(params[:id])
if #article.update(article_params)
redirect_to #article
else
render 'edit'
end
end
def destroy
#article = Article.find(params[:id])
#article.destroy
redirect_to articles_path
end
private
def article_params
params.require(:article).permit(:title, :text)
end
end
app/controllers/comments_controller.rb
class CommentsController < ApplicationController
def create
#article = Article.find(params[:article_id])
#comment = #article.comments.create(comment_params)
redirect_to article_path(#article)
end
def destroy
#article = Article.find(params[:article_id])
#comment = #article.comments.find(params[:id])
#comment.destroy
redirect_to article_path(#article)
end
private
def comment_params
params.require(:comment).permit(:commenter, :body)
end
end
I'm using:
ruby 2.6.5p114
Rails 6.0.0
sqlite3 3.8.7.2
RubyMine 2019.2.3
I'm developing on Windows
The reason why this is happening is this line:
<%= form_with(model: [#article, #article.comments.build], local: true) do |form| %>
The part that says #article.comments.build is building an empty comment on the article. If there are no comments on the article and you were to print out #article.comments.count it would be zero. It does this because #article.comments.count runs a query, and since the blank comment isn't saved yet, it doesn't count it against the comments count.
As a side note, #article.comments.size would return 1, since in this case it returns the size of the relation with the blank comment. This is why you don't get a blank comment when the article has no comments.
However if you were to already have a comment and print out #article.comments.count, it would be 1 because now you have a saved comment in the database. This renders your comments out on the page now. The thing is that there is a blank comment inside of the #article.comments return value. This gets printed out to the screen, and since it doesn't have an id, the route for delete gets rendered like this /article/11/comments without a comment id. This route does not exist, so you get an error.
One possible way to fix this would be to change this line in your comment_section partial from this:
<%= render #article.comments %>
to this:
<%= render #article.comments.select { |comment| comment.persisted? %>
UPDATE:
I think that arieljuod's solution is even cleaner, to change this:
<%= form_with(model: [#article, #article.comments.build], local: true) do |form| %>
To this:
<%= form_with(model: [#article, Comment.new], local: true) do |form| %>
in your views/comments/_comment.html.erb
change
<%= link_to 'Delete comment', [comment.article, comment],
method: :delete,
data: {confirm: 'Are you sure you want to delete this comment?'} %>
to
<%= link_to 'Delete comment', comment_path(comment),
method: :delete,
data: {confirm: 'Are you sure you want to delete this comment?'} %>
I have been working on PHP. Presently trying to learn Ruby on Rails. I am learning Rails online, for now I am badly stuck on Sign-up or can say a form submission page. Sorry if it's too silly.
Error is:
undefined method new for nil:NilClass
Here is the code:
users_controller.rb
class UsersController < ApplicationController
def new
#user= User.new
end
def create
#user.new(params[:user])
if #user.save
flash[:notice]= "you signed up successfully"
flash[:color]= "valid"
else
flash[:notice]= "failed"
flash[:color]="invalid"
end
render "new"
end
end
new.html.erb
<% page_title="Signup" %>
<div class="Sign_Form">
<h1>Sign up</h1>
<%= form_for(:user, :url => {:controller => 'users', :action => 'create'}) do |f| %>
<p> Username:</br> <%= f.text_field :username%> </p>
<p> Email:</br> <%= f.text_field :email%> </p>
<p> Password:</br> <%= f.password_field :password%></p>
<p> Password Confirmation:</br> <%= f.password_field :password_confirmation%> </p>
<%= f.submit :Signup %>
<% end %>
<% if #user.errors.any? %>
<ul class="Signup_Errors">
<% for message_error in #user.errors.full_messages %>
<li>* <%= message_error %></li>
<% end %>
</ul>
<% end %>
</div>
user.rb
class User < ActiveRecord::Base
attr_accessor :password
EMAIL_REGEX = /^[A-Z0-9._%+-]+#[A-Z0-9.-]+\.[A-Z]{2,4}$/i
validates :username, :presence => true, :uniqueness => true, :length => { :in => 3..20 }
validates :email, :presence => true, :uniqueness => true #:format => EMAIL_REGEX
validates :password, `enter code here`:presence =>true #:confirmation => true #password_confirmation attr
validates_length_of :password, :in => 6..20, :on => :create
end
In your users_controller > create, you put capital letter on User param.
For your case, it should be all lower case params[:user].
Side note, it actually depends on your attribute name you set on the form in the first place.
Edit:
In addition of that you should put #user = User.new(params[:user])
First thing you should create new object of User class
Second pass correct params key
change first line in create method to
#user = User.new(params[:user])
So the changed code will look like this:
class UsersController < ApplicationController
def new
#user= User.new
end
def create
#user = User.new(params[:user])
if #user.save
flash[:notice]= "you signed up successfully"
flash[:color]= "valid"
else
flash[:notice]= "failed"
flash[:color]="invalid"
end
render "new"
end
end
change #user.new(params[:user]) to #user = User.new(params[:user]) I creates #user but it is not saved to database yet. On the line below #user.save that is when it gets saved. And remove render new because it will render the template with out setting the variables that the template needs. instead use redirect_to :new that will send the user to new and also set the variables needed
I guess you need to allow the params of User model in the User controller so as to avoid the forbidden error message as mentioned here. Please note that this is Rails feature as mentioned
Rails has several security features that help you write secure applications, and you're running into one of them now. This one is called strong parameters, which requires us to tell Rails exactly which parameters are allowed into our controller actions.
Thanks
I am very new bee to ruby on rails, i have just created a small project which add,update and delete a record from mysql db
I am able to successfully add and delete record from mysql db from ruby application
But the issue is only when i try to update the existing record
My code is as follows,
Controller:
class BookController < ApplicationController
def list
#books = Book.find(:all)
end
def show
#book = Book.find(params[:id])
end
def new
#book = Book.new
#subjects = Subject.find(:all)
end
def create
#book = Book.new(params[:book])
if #book.save
redirect_to :action => 'list'
else
#subjects = Subject.find(:all)
render :action => 'new'
end
end
def edit
#book = Book.find(:all)
#subjects = Subject.find(:all)
end
def update
#book = Book.find(params[:id])
if #book.update_attributes(params[:book])
redirect_to :action => 'show', :id => #book
else
#subjects = Subject.find(:all)
render :action => 'edit'
end
end
def delete
Book.find(params[:id]).destroy
redirect_to :action => 'list'
end
def show_subjects
#subject = Subject.find(params[:id])
end
end
List HTML:
<% if #books.blank? %>
<p>There are not any books currently in the system.</p>
<% else %>
<p>These are the current books in our system</p>
<ul id="books">
<% #books.each do |c| %>
<li>
<%= link_to c.title, {:action => 'show', :id => c.id} -%>
<b><%= link_to "edit", {:action => 'edit', :id => c.id} %></b>
<b> <%= link_to "Delete", {:action => 'delete', :id => c.id},
:confirm => "Are you sure you want to delete this item?" %></b>
</li>
<% end %>
</ul>
<% end %>
<p><%= link_to "Add new Book", {:action => 'new' }%></p>
Edit HTML:
=========
<h1>Edit Book Detail</h1>
<%= form_tag(:action=> "update") do%>
<p><label for="book_title">Title</label>:
<%= text_field 'book', 'title' %></p>
<p><label for="book_price">Price</label>:
<%= text_field 'book', 'price' %></p>
<p><label for="book_subject">Subject</label>:
<%= collection_select(:book, :subject_id,
#subjects, :id, :name) %></p>
<p><label for="book_description">Description</label><br/>
<%= text_area 'book', 'description' %></p>
<%= submit_tag "Save changes" %>
<%end %>
<%= link_to 'Back', {:action => 'list' } %>
I am getting the following exception when i try to edit a record from URL http://localhost:3000/book/edit/5,
Showing C:/app/app/views/book/edit.html where line #5 raised:
undefined method `title' for #<Array:0x33315c0>
Extracted source (around line #5):
2: <%= form_tag(:action=> "update") do%>
3:
4: <p><label for="book_title">Title</label>:
5: <%= text_field 'book', 'title' %></p>
6: <p><label for="book_price">Price</label>:
7: <%= text_field 'book', 'price' %></p>
8: <p><label for="book_subject">Subject</label>:
BTW i am using rails3,ruby1.2 and mysql5.5.
As i am in a learning curve, it will be very useful if some one can help me in this issue.
For some reason you're loading all the book records when the usual intention of the edit method is to edit one of them.
To fix this, you should define a before_filter hook that handles loading records:
class BookController < ApplicationController
# Set a handler for loading the book for most actions, except those
# where loading a single book is not relevant.
before_filter :load_book, :except => [ :index, :new, :create ]
def edit
#subjects = Subject.find(:all)
end
def update
# Call the update_attributes method that will throw an exception if
# an error occurs.
#book.update_attributes!(params[:book])
redirect_to :action => 'show', :id => #book
rescue ActiveRecord::RecordInvalid
# This exception is triggered if there was an error saving the record
# because of a validation problem.
# Trigger 'edit' action
edit
# Render as if on 'edit' page
render :action => 'edit'
end
protected
def load_book
#book = Book.find(params[:id])
end
end
As a note, any time you call either find(:all) or all on a model, you run the risk of using up all the system memory and crashing both your application and the server it's running on. Pagination is absolutely essential unless you can be certain the number of records is small.
Using a before_filter makes it a lot easier to consolidate your various redundant find calls into one place and can make error handling a lot simpler.