2015-11-30 80 views
2

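I believe I followed all the steps from the friendly_id GitHub page correctly. I know it works because it changed my URL from /1 to /sample-url. However, the problem is that I can't edit and destroy the pins whose URLs have been changed. Why can't I edit and destroy my pins when using friendly_id?

I hope someone can help me with this. Thanks!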

/pins_controller.rb

class PinsController < ApplicationController
    before_action :set_pin, only: [:show, :edit, :update, :destroy]
    before_action :correct_user, only: [:edit, :update, :destroy]
    before_action :authenticate_user!, except: [:index, :show]

    respond_to :html

    def index
        @pins = Pin.all.order("created_at DESC").paginate(:page => params[:page], :per_page => 8)
        respond_with(@pins)
    end

    def show
        respond_with(@pin)
    end

    def new
        @pin = current_user.pins.build
        respond_with(@pin)
    end

    def edit
    end

    def create
        @pin = current_user.pins.build(pin_params)
        if @pin.save
            redirect_to @pin, notice: "Pin was successfully created."
        else
            render action: "new"
        end
    end

    def update
        if @pin.update(pin_params)
            redirect_to @pin, notice: "Pin was successfully updated."
        else
            render action: "edit"
        end
    end

    def destroy
        @pin.destroy
        respond_with(@pin)
    end

    def upvote
        @pin = Pin.find(params[:id])
        @pin.upvote_by current_user
        redirect_to :back
    end

    def downvote
        @pin = Pin.find(params[:id])
        @pin.downvote_from current_user
        redirect_to :back
    end

    private

    def set_pin
        @pin = Pin.friendly.find(params[:id])
    end

    def correct_user
        @pin = current_user.pins.find_by(id: params[:id])
        redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
    end

    def pin_params
        params.require(:pin).permit(:description, :image)
    end
end

/pin.rb

class Pin < ActiveRecord::Base 

    acts_as_votable 

    belongs_to :user 

    has_attached_file :image, :styles => { :medium => '300x300>', :thumb => '100x100>' } 
    validates_attachment_content_type :image, :content_type => ["image/jpg", "image/jpeg", "image/png"] 

    validates :image, presence: true 
    validates :description, presence: true 

    extend FriendlyId 
    friendly_id :description, use: :slugged 
end 

Answers

3

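The culprit is this line in correct_user: @pin = current_user.pins.find_by(id: params[:id])

Note that for the edit, update and destroy actions, you are fetching the pin twice: once in set_pin and once in correct_user. In correct_user, you only need to check that @pin.user_id == current_user.id

Also, the way you have it now, your user authentication authenticate_user! runs last, which will cause an error if an unauthenticated user submits a request to the edit action.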

class PinsController < ApplicationController
    # authenticate_user! must go first
    before_action :authenticate_user!, except: [:index, :show]
    before_action :set_pin, only: [:show, :edit, :update, :destroy]
    before_action :correct_user, only: [:edit, :update, :destroy]

    respond_to :html

    # .... your actions here

    private

    def set_pin
        @pin = Pin.friendly.find(params[:id])
    end

    def correct_user
        unless @pin.user_id == current_user.id
            redirect_to pins_path, notice: "Not authorized to edit this pin"

            # you must return false to halt
            false
        end
    end

    def pin_params
        params.require(:pin).permit(:description, :image)
    end
end
+0

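Thanks AbM! This was really helpful. I never thought that the order of before_actions mattered. So for my future projects, only authenticate_user! should come first, and all the others can be in any order? –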

+0

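The order will matter. 'before_action's run in the order you define them. If a page requires authentication, you should probably run 'authenticate_user!' first. In the solution I provided, 'set_pin' must run second in order to set '@pin'. If that's not the case (i.e. 'correct_user' is second), an error will be raised (telling you that the nil class has no 'user_id') because '@pin' will not be defined. Try it and see what I mean – AbM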

+0

Yes, I completely understand what you mean. Thanks, buddy! –
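
The filter ordering and ownership check discussed in this thread, modelled in plain Ruby as an added example (not code from the question or the answer). The PINS data, the FILTERS table and the helpers friendly_find, run_chain and request_edit are hypothetical stand-ins for Rails and friendly_id, so the sketch runs without either.

```ruby
# Plain-Ruby model of a before_action chain. All data below is constructed.
Pin  = Struct.new(:id, :slug, :user_id)
PINS = [Pin.new(1, "sample-url", 10)].freeze

# Stand-in for Pin.friendly.find: match the slug first, then the numeric id.
def friendly_find(param)
  PINS.find { |p| p.slug == param } || PINS.find { |p| p.id.to_s == param }
end

FILTERS = {
  authenticate_user: ->(c) { :sign_in unless c[:user_id] },
  set_pin:           ->(c) { c[:pin] = friendly_find(c[:id]); nil },
  # Question's check: re-fetch by numeric id, which a slug never matches.
  correct_user_by_id: ->(c) {
    raise NoMethodError, "current_user is nil" unless c[:user_id]
    pin = PINS.find { |p| p.user_id == c[:user_id] && p.id.to_s == c[:id] }
    :pins_path if pin.nil?
  },
  # Answer's check: compare the owner of the pin that set_pin already loaded.
  correct_user: ->(c) { :pins_path unless c[:pin].user_id == c[:user_id] }
}.freeze

QUESTION_ORDER = %i[set_pin correct_user_by_id authenticate_user].freeze
ANSWER_ORDER   = %i[authenticate_user set_pin correct_user].freeze

# Run filters in declaration order and stop at the first one that returns a
# redirect target (Rails halts the chain once a filter redirects or renders).
def run_chain(order, ctx)
  order.each do |name|
    target = FILTERS.fetch(name).call(ctx)
    return target if target.is_a?(Symbol)
  end
  :action_ran
end

# Simulate a request to the edit action as user_id (nil = signed out).
def request_edit(order, user_id, id)
  run_chain(order, { user_id: user_id, id: id })
end

if __FILE__ == $PROGRAM_NAME
  p request_edit(QUESTION_ORDER, 10, "sample-url") # owner, slug URL
  p request_edit(ANSWER_ORDER, 10, "sample-url")   # owner, slug URL
  p request_edit(ANSWER_ORDER, 11, "sample-url")   # another user
  p request_edit(ANSWER_ORDER, nil, "sample-url")  # signed out
end
```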
