2012-12-02

Add user_id to the multipart file upload array

I am using Rails 3.2 and Paperclip to upload multiple files (photos) at once with HTML5 multipart upload. Here is my form:

# shops/_form.html.erb 
<%= form_for @shop, :url => { :action => action, :type => type }, :html => { :multipart => true } do |f| %> 
    <%= f.text_field :name %> 
    <%= f.file_field :shop_photos_data, :multiple => true, :name => "shop[photos_attributes][][data]" %> 
<% end %> 

It works, and produces the following result on update/create:

{"utf8"=>"✓", 
"authenticity_token"=>"9jXvIwcllct7UyUfo6cvhEucQf2u3SY50SuaCLtFO4c=", 
"shop"=>{ 
    "name"=>"First shop", 
    "photos_attributes"=>{"0"=>{ 
    "image"=>[ 
     #<ActionDispatch::Http::UploadedFile:0x00000104b78978 
     @original_filename="first_test_image.jpg", 
     @content_type="image/jpeg", 
     @headers="Content-Disposition: form-data; name=\"gallery[photos_attributes][0][image][]\"; filename=\"first_test_image.jpg\"\r\nContent-Type: image/jpeg\r\n", 
     @tempfile=#<File:/var/folders/bQ/bQYZC2ukFZCvbKzEDGRtJE+++TI/-Tmp-/RackMultipart20110622-4459-vz78ee>>, 
     #<ActionDispatch::Http::UploadedFile:0x00000104b78950 
     @original_filename="second_test_image.jpg", 
     @content_type="image/jpeg", 
     @headers="Content-Disposition: form-data; name=\"gallery[photos_attributes][0][image][]\"; filename=\"second_test_image.jpg\"\r\nContent-Type: image/jpeg\r\n", 
     @tempfile=#<File:/var/folders/bQ/bQYZC2ukFZCvbKzEDGRtJE+++TI/-Tmp-/RackMultipart20110622-4459-1jzhhyg>> 
     ] 
    } 
    } 
}, "commit"=>"Save", "action"=>"create", "controller"=>"shops"} 

It works, and it goes into shops_controller.rb, but it does not go into photos_controller.rb.

Here are the other parts of my code:

# photo.rb 
class Photo < ActiveRecord::Base 
    belongs_to :attachable, :polymorphic => true, :counter_cache => true 
    belongs_to :user, :counter_cache => true 
    attr_accessible :data, :attachable_id, :attachable_type, :user_id 
end 

# shop.rb 
class Shop < ActiveRecord::Base 
    attr_protected :photos_count 
    has_many :photos, :as => :attachable, :dependent => :destroy 
    accepts_nested_attributes_for :photos, :allow_destroy => true 
end 

# photos_controller.rb 
class PhotosController < ApplicationController 
end 

# shops_controller.rb 
class ShopsController < ApplicationController 
    before_filter :require_user, :only => [:new, :edit, :update, :create] 

    ... 

    def update 
        @shop = Shop.find(params[:id]) 
        if @shop.update_attributes(params[:shop]) 
            flash[:notice] = 'Successfully updated.' 
            redirect_to shop_path(@shop) 
        else 
            render :action => :edit 
        end 
    end 
end 

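I have a user_id field in the Photo model. Currently, user_id is not saved in each new Photo record. What can I do in shops_controller.rb to include user_id in the file upload array? I don't want to do it that way, because it is a security exposure.

Thanks.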

In general, practicing security through obscurity is not a good thing; just add it to the form the way I said. – 8vius

@8vius, how do I add it? – Victor

Can't you access 'user_id' through '@photo.user.id'? A photo belongs to a user –

Answers

Put this in shops_controller.rb:

def update 
    @shop = Shop.find(params[:id]) 

    photos = params[:shop][:photos_attributes] 

    if !photos.blank? 
        photos.each do |photo| 
            photo.merge!(:user_id => current_user.id) 
        end 
    end 

    if @shop.update_attributes(params[:shop]) 
        flash[:notice] = 'Successfully updated.' 
        redirect_to shop_path(@shop) 
    else 
        render :action => :edit 
    end 
end 

Add the field to the form using a hidden field, like this:

<%= hidden_field_tag "user", @user.id %> 

Then in the controller you can access it like this:

params[:user]
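
The server-side assignment from the first answer, written as an added example that is not part of the original thread: it takes the owner from the authenticated session and discards any `user_id`, `attachable_id` or `attachable_type` the browser sent, since photo.rb lists all three as `attr_accessible`. The helper name `stamp_owner` and the sample parameters are constructed for illustration; the helper accepts both the array shape produced by a field name ending in `[]` and the index-keyed hash shape shown in the parameter dump.

```ruby
# Added example in plain Ruby (no Rails required). stamp_owner is a
# hypothetical helper name, not part of Rails or Paperclip.

# Keys the client must never control on a nested photo (names from photo.rb).
SERVER_OWNED = %w[user_id attachable_id attachable_type].freeze

# Returns a copy of photos_attributes in which every photo hash has the
# server-owned keys stripped and user_id set from the session user.
# Handles an Array of hashes and a Hash keyed by index ({"0" => {...}}).
def stamp_owner(photos_attributes, current_user_id)
  clean = lambda do |attrs|
    kept = attrs.reject { |key, _| SERVER_OWNED.include?(key.to_s) }
    kept.merge("user_id" => current_user_id)
  end

  case photos_attributes
  when nil   then nil
  when Array then photos_attributes.map { |attrs| clean.call(attrs) }
  when Hash
    photos_attributes.each_with_object({}) do |(index, attrs), out|
      out[index] = clean.call(attrs)
    end
  else
    raise ArgumentError, "unexpected shape: #{photos_attributes.class}"
  end
end

# Constructed sample input: the second photo carries a forged user_id.
ARRAY_SHAPE = [
  { "data" => "first_test_image.jpg" },
  { "data" => "second_test_image.jpg", "user_id" => "999" }
]

# Constructed sample input: index-keyed shape with forged symbol and string keys.
HASH_SHAPE = {
  "0" => { "data" => "first_test_image.jpg",
           :user_id => 999, "attachable_type" => "Admin" }
}

if __FILE__ == $PROGRAM_NAME
  p stamp_owner(ARRAY_SHAPE, 42)
  p stamp_owner(HASH_SHAPE, 42)
end
```

In the controller the result would be written back to `params[:shop][:photos_attributes]` with `current_user.id` as the second argument, before `update_attributes` runs.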