使用Rails 3.2和Paperclip一次性使用HTML5 multipart
上傳多個文件(照片)。這裏是我的形式:在多部分文件上傳陣列中添加user_id
# shops/_form.html.erb
<%= form_for @shop, :url => { :action => action, :type => type }, :html => { :multipart => true } do |f| %>
<%= f.text_field :name %>
<%= f.file_field :shop_photos_data, :multiple => true, :name => "shop[photos_attributes][][data]" %>
<% end %>
它的工作原理,併產生更新時/創建了以下結果:
{"utf8"=>"✓",
"authenticity_token"=>"9jXvIwcllct7UyUfo6cvhEucQf2u3SY50SuaCLtFO4c=",
"shop"=>{
"name"=>"First shop",
"photos_attributes"=>{"0"=>{
"image"=>[
#<ActionDispatch::Http::UploadedFile:0x00000104b78978
@original_filename="first_test_image.jpg",
@content_type="image/jpeg",
@headers="Content-Disposition: form-data; name=\"gallery[photos_attributes][0][image][]\"; filename=\"first_test_image.jpg\"\r\nContent-Type: image/jpeg\r\n",
@tempfile=#<File:/var/folders/bQ/bQYZC2ukFZCvbKzEDGRtJE+++TI/-Tmp-/RackMultipart20110622-4459-vz78ee>>,
#<ActionDispatch::Http::UploadedFile:0x00000104b78950
@original_filename="second_test_image.jpg",
@content_type="image/jpeg",
@headers="Content-Disposition: form-data; name=\"gallery[photos_attributes][0][image][]\"; filename=\"second_test_image.jpg\"\r\nContent-Type: image/jpeg\r\n",
@tempfile=#<File:/var/folders/bQ/bQYZC2ukFZCvbKzEDGRtJE+++TI/-Tmp-/RackMultipart20110622-4459-1jzhhyg>>
]
}
}
}, "commit"=>"Save", "action"=>"create", "controller"=>"shops"}
它的工作原理,以及它進入shops_controller.rb
,但不進入photos_controller.rb
。
這裏是我的代碼的其他部分:
# photo.rb
class Photo < ActiveRecord::Base
belongs_to :attachable, :polymorphic => true, :counter_cache => true
belongs_to :user, :counter_cache => true
attr_accessible :data, :attachable_id, :attachable_type, :user_id
end
# shop.rb
class Shop < ActiveRecord::Base
attr_protected :photos_count
has_many :photos, :as => :attachable, :dependent => :destroy
accepts_nested_attributes_for :photos, :allow_destroy => true
end
# photos_controller.rb
class PhotosController < ApplicationController
end
# shops_controller.rb
class ShopsController < ApplicationController
before_filter :require_user, :only => [:new, :edit, :update, :create]
...
def update
@shop = Shop.find(params[:id])
if @shop.update_attributes(params[:shop])
flash[:notice] = 'Successfully updated.'
redirect_to shop_path(@shop)
else
render :action => :edit
end
end
end
我在Photo
模型user_id
場。目前,user_id
未保存在每個新的Photo
記錄中。我可以在shops_controller.rb
中做什麼以將user_id
包含在文件上傳陣列中?我不想這樣做,因爲它暴露了安全性。
謝謝。
一般來說,通過默默無聞的方式來實踐安全並不是一件好事,只需將它添加到我所說的形式即可。 – 8vius
@ 8vius,如何添加? – Victor
你不能通過'@ photo.user.id'訪問'user_id'嗎?照片屬於用戶 –