2011-06-27 65 views
0

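RoR: Controller submit parameters

I am writing an entry submission controller following this tutorial: http://www.communityguides.eu/articles/1

When I try to submit an entry, I get "Users can't be blank" ... I don't want to pass user_id as a hidden field, right? So how should I change it to get the user's ID automatically?

I'm using Devise for authentication. :) And I'm a complete Rails newbie. Here is my controller: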

    def submit
      @entry = current_user.articles.find(params[:id])

      # submit only, if article is currently in draft or rejected-state
      if (@entry.state == 0) or (@entry.state == 2)
        @entry.state = 1
        @entry.submitted = Time.now

        if @entry.save
          flash[:notice] = 'Your article was successfully submitted for approval.'
        else
          flash[:error] = 'There was an error while submitting your article.'
        end
      else
        flash[:error] = 'This article can not be submitted.'
      end

      respond_to do |format|
        format.html { redirect_to(:action => 'myarticles') }
        format.xml { head :ok }
      end
    end

    # GET /entries/1/edit
    def edit
      @entry = Entry.find(params[:id])
    end

    # POST /entries
    # POST /entries.xml
    def create
      @entry = Entry.new(params[:entry])

      respond_to do |format|
        if @entry.save
          format.html { redirect_to(@entry, :notice => 'Entry was successfully created.') }
          format.xml { render :xml => @entry, :status => :created, :location => @entry }
        else
          format.html { render :action => "new" }
          format.xml { render :xml => @entry.errors, :status => :unprocessable_entity }
        end
      end
    end

    # PUT /entries/1
    # PUT /entries/1.xml
    def update
      @entry = current_user.entries.find(params[:id])

      # if the entry has been approved, the user cannot change the title or URL.
      if @entry.state > 2
        params[:entry].delete(:title)
        params[:entry].delete(:url)
      end

      respond_to do |format|
        if @entry.update_attributes(params[:entry])
          format.html { redirect_to(@entry, :notice => 'Entry was successfully updated.') }
          format.xml { head :ok }
        else
          format.html { render :action => "edit" }
          format.xml { render :xml => @entry.errors, :status => :unprocessable_entity }
        end
      end
    end

Answers

0

From your description, it seems you get this error when trying to create a new entry.

    def create
      @entry = current_user.entries.new(params[:entry]) # <-- Scope to the current user

      respond_to do |format|
        if @entry.save
          format.html { redirect_to(@entry, :notice => 'Entry was successfully created.') }
          format.xml { render :xml => @entry, :status => :created, :location => @entry }
        else
          format.html { render :action => "new" }
          format.xml { render :xml => @entry.errors, :status => :unprocessable_entity }
        end
      end
    end

+0

Also, you need to do the same thing for the edit action: '@entry = current_user.entries.find(params[:id])', so that users can't edit other users' entries.

+0

Okay! Thanks. :) Can you give me a bit more explanation? Like I said, I'm new - I don't fully understand what you mean by 'scope to...'

+1

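'Entry.find(params[:id])' can find any Entry record in the database, but usually you want users to be able to access only the records that belong to them. In the edit action above, any user can edit any entry if they know (or guess) its ID. The usual practice is to prevent this by restricting the find so that it only returns entries belonging to the current user. 'current_user.entries.find(params[:id])' does this by adding a WHERE condition to the SQL query, like 'WHERE entries.user_id = 123'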
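
The scoping described in the last comment, as an added example that is not part of the original thread. It is a plain-Ruby, in-memory stand-in for ActiveRecord (EntryTable, OwnedEntries and demo are hypothetical names, not Rails classes) showing an unscoped find returning another user's entry while the owner-scoped find raises.

```ruby
# In-memory stand-in for ActiveRecord (constructed for illustration, not Rails).
class RecordNotFound < StandardError; end
Entry = Struct.new(:id, :user_id, :title)

class EntryTable
  def initialize; @rows = []; end

  # Like Entry.find(params[:id]): matches on id only, whoever owns the row.
  def find(id)
    @rows.find { |e| e.id == id } || raise(RecordNotFound, "no entry #{id}")
  end

  def insert(user_id, title)
    Entry.new(@rows.size + 1, user_id, title).tap { |e| @rows << e }
  end
end

# Like current_user.entries: every call is tied to one owner.
class OwnedEntries
  def initialize(table, user_id)
    @table, @user_id = table, user_id
  end

  # Adds the ownership condition (WHERE entries.user_id = ?) to the lookup.
  def find(id)
    entry = @table.find(id)
    raise RecordNotFound, "no entry #{id} for user #{@user_id}" unless entry.user_id == @user_id
    entry
  end

  # Owner comes from the scope, so the form needs no hidden user_id field.
  def create(params)
    @table.insert(@user_id, params[:title])
  end
end

# Constructed scenario: user 1 owns an entry, user 2 requests it by id.
def demo
  table = EntryTable.new
  mine = OwnedEntries.new(table, 1).create(title: "My draft")
  unscoped = table.find(mine.id).title
  scoped = begin
    OwnedEntries.new(table, 2).find(mine.id).title
  rescue RecordNotFound => e
    "RecordNotFound: #{e.message}"
  end
  { owner: mine.user_id, unscoped: unscoped, scoped: scoped }
end
```

Calling demo returns the owner set from the scope, the title leaked by the unscoped lookup, and the error raised by the scoped one.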