Contents
Beginners guide
In previous articles we have covered beginner guides for debugging ruby on rails application, in this post we shall cover searching and sorting in the rails app with ransack library. After reading this article you would realise that adding Ransack gem to your MVC- model and view controller application and you’re all set to use searching and sorting. You would barely need custom routes or helpers functions. Everything is available in ransack gem :-). At the end of this article I have tried to provide alternatives to ransack and some security flaws in ransack gem if it is used in default configurations.
Introduction
Ransack will help you easily add searching and sorting capabilities to your Rails application, without any additional dependencies. You can download the latest ransack gem from ruby.org or add the version you need in Gemfile and run ‘bundle update’ to install the required version.
Setting up For Searching and Sorting in Rails App with Ransack
Lets create new app
$ rails new searchblog
add ransack gem to your gemfile and run bundle install command on command prompt
gem 'ransack'
gem 'faker'
$ bundle install
confirm if ransack library is properly installed using ‘gem list ransack’
we can then generate the article scaffold
rails g scaffold Article title body:text
migrate db
$ rails db:migrate
searching setup of article controller
class ArticlesController < ApplicationController
before_action :set_article, only: %i[ show edit update destroy ]
# GET /articles or /articles.json
def index
@q = Article.ransack(params[:q])
@articles = @q.result(distinct: true)
end
Add search form in views/articles/index.html.erb
<p id="notice"><%= notice %></p>
<h1>Articles</h1>
<%= search_form_for @q do |f| %>
<%= f.search_field :title_or_body_cont, placeholder: "Search..." %>
<%= f.submit "Search!" %>
<% end %>
<table>
<thead>
<tr>
<th><%= sort_link(@q, :title, "Title", default_order: :asc) %></th>
<th><%= sort_link(@q, :body, "Article Content", default_order: :desc) %></th>
<th colspan="3"></th>
</tr>
</thead>
<tbody>
<% @articles.each do |article| %>
<tr>
<td><%= article.title %></td>
<td><%= article.body %></td>
<td><%= link_to 'Show', article %></td>
<td><%= link_to 'Edit', edit_article_path(article) %></td>
<td><%= link_to 'Destroy', article, method: :delete, data: { confirm: 'Are you sure?' } %></td>
</tr>
<% end %>
</tbody>
</table>
<br>
<%= link_to 'New Article', new_article_path %>
We will seed some data into our database to search.
# add this into db/seed.rb
5.times do |x|
Article.create(title: Faker::Lorem.sentences(number: 1),
body: Faker::Lorem.paragraph(sentence_count: 5))
end
Run following in command prompt
rails db:seed
Now .Let’s start server and find records by association model
$ rails s
Alternatives to Ransack
Elasticsearch
Elasticsearch is the most popular enterprise search engine. Check out elasticsearch-ruby gem from github.
I hope you have enjoyed reading Searching and Sorting in Rails App with Ransack gem. The positive.security article explains that poor integration of ransack gem is vulnerable to brute-force attacks. So, from the security point of view should we use or switch to elasticsearch-ruby gem, what are your thoughts?