Beginners guide

In previous articles we have covered beginner guides for debugging ruby on rails application, in this post we shall cover searching and sorting in the rails app with ransack library. After reading this article you would realise that adding Ransack gem to your MVC- model and view controller application and you’re all set to use searching and sorting. You would barely need custom routes or helpers functions. Everything is available in ransack gem :-). At the end of this article I have tried to provide alternatives to ransack and some security flaws in ransack gem if it is used in default configurations.

Introduction

Ransack will help you easily add searching and sorting capabilities to your Rails application, without any additional dependencies. You can download the latest ransack gem from ruby.org or add the version you need in Gemfile and run ‘bundle update’ to install the required version.

Setting up For Searching and Sorting in Rails App with Ransack

Lets create new app

$ rails new searchblog

add ransack gem to your gemfile and run bundle install command on command prompt

gem 'ransack'
gem 'faker'

$ bundle install 

confirm if ransack library is properly installed using ‘gem list ransack’

we can then generate the article scaffold

rails g scaffold Article title body:text

migrate db

$ rails db:migrate

searching setup of article controller

class ArticlesController < ApplicationController
before_action :set_article, only: %i[ show edit update destroy ]

# GET /articles or /articles.json
def index
  @q = Article.ransack(params[:q])
  @articles = @q.result(distinct: true)
end

Add search form in views/articles/index.html.erb

<p id="notice"><%= notice %></p>

<h1>Articles</h1>

<%= search_form_for @q do |f| %>
    <%= f.search_field :title_or_body_cont, placeholder: "Search..." %>
    <%= f.submit "Search!" %>
<% end %>

<table>
  <thead>
    <tr>
      <th><%= sort_link(@q, :title, "Title", default_order: :asc) %></th>
      <th><%= sort_link(@q, :body, "Article Content", default_order: :desc) %></th>
      <th colspan="3"></th>
    </tr>
  </thead>

  <tbody>
    <% @articles.each do |article| %>
      <tr>
        <td><%= article.title %></td>
        <td><%= article.body %></td>
        <td><%= link_to 'Show', article %></td>
        <td><%= link_to 'Edit', edit_article_path(article) %></td>
        <td><%= link_to 'Destroy', article, method: :delete, data: { confirm: 'Are you sure?' } %></td>
      </tr>
    <% end %>
  </tbody>
</table>

<br>

<%= link_to 'New Article', new_article_path %>

We will seed some data into our database to search.

# add this into db/seed.rb
5.times do |x|
    Article.create(title: Faker::Lorem.sentences(number: 1),
        body: Faker::Lorem.paragraph(sentence_count: 5))
end

Run following in command prompt

rails db:seed

Now .Let’s start server and find records by association model

$ rails s

Alternatives to Ransack

Elasticsearch

Elasticsearch is the most popular enterprise search engine. Check out elasticsearch-ruby gem from github.

I hope you have enjoyed reading Searching and Sorting in Rails App with Ransack gem. The positive.security article explains that poor integration of ransack gem is vulnerable to brute-force attacks. So, from the security point of view should we use or switch to elasticsearch-ruby gem, what are your thoughts?