我有一个简单的rails应用程序,在其中一种形式中,我试图使用隐藏字段标记将当前用户的值保存到字段中。
我的应用程序控制器有user_authenticate方法,它也设置了@current_user的值,如下所示。
class ApplicationController < ActionController::Base
protect_from_forgery with: :exception
protected
def authenticate_user
if session[:user_id]
# set current user object to @current_user object variable
@current_user = User.find session[:user_id]
return true
else
redirect_to(:controller => 'sessions', :action => 'login')
return false
end
end
def save_login_state
if session[:user_id]
redirect_to(:controller => 'sessions', :action => 'home')
return false
else
return true
end
end
end
class Receipt < ApplicationRecord
belongs_to :currency
belongs_to :user
end
<%= form_for(receipt) do |f| %>
<% if receipt.errors.any? %>
<div id="error_explanation">
<h2><%= pluralize(receipt.errors.count, "error") %> prohibited this receipt from being saved:</h2>
<ul>
<% receipt.errors.full_messages.each do |message| %>
<li><%= message %></li>
<% end %>
</ul>
</div>
<% end %>
<div align="center" style="text-align: right; width: 50%">
<div class="field">
<%= f.label :receipt_date %>
<%= f.date_select :receipt_date %>
</div>
</br>
<div class="field">
<%= f.label :receipt_amount %>
<%= f.text_field :receipt_amount %>
</div>
</br>
<div class="field">
<%= f.label :Currency%>
<%= f.collection_select :currency_id, Currency.all, :id, :currency %>
</div>
</br>
<div class="field">
<%= f.hidden_field :user_id, :user_id => @current_user %>
</div>
</br>
<div class="actions">
<%= f.submit %>
</div>
</div>
<% end %>
然而,当我保存记录时,我收到一个错误 - “用户必须存在”。基本上,用户字段将为'nil'。
我的收据控制器就像这样
class ReceiptsController < ApplicationController
before_action :set_receipt, only: [:show, :edit, :update, :destroy]
# GET /receipts
# GET /receipts.json
def index
@receipts = Receipt.all
end
# GET /receipts/1
# GET /receipts/1.json
def show
end
# GET /receipts/new
def new
@receipt = Receipt.new
end
# GET /receipts/1/edit
def edit
end
# POST /receipts
# POST /receipts.json
def create
@receipt = Receipt.new(receipt_params)
respond_to do |format|
if @receipt.save
format.html { redirect_to @receipt, notice: 'Receipt was successfully created.' }
format.json { render :show, status: :created, location: @receipt }
else
format.html { render :new }
format.json { render json: @receipt.errors, status: :unprocessable_entity }
end
end
end
# PATCH/PUT /receipts/1
# PATCH/PUT /receipts/1.json
def update
respond_to do |format|
if @receipt.update(receipt_params)
format.html { redirect_to @receipt, notice: 'Receipt was successfully updated.' }
format.json { render :show, status: :ok, location: @receipt }
else
format.html { render :edit }
format.json { render json: @receipt.errors, status: :unprocessable_entity }
end
end
end
# DELETE /receipts/1
# DELETE /receipts/1.json
def destroy
@receipt.destroy
respond_to do |format|
format.html { redirect_to receipts_url, notice: 'Receipt was successfully destroyed.' }
format.json { head :no_content }
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_receipt
@receipt = Receipt.find(params[:id])
end
# Never trust parameters from the scary internet, only allow the white list through.
def receipt_params
params.require(:receipt).permit(:receipt_date, :receipt_amount, :currency_id, :user_id)
end
end
答案 0 :(得分:1)
如果你有设计,这应该为你做,注意非实例变量,没有@
<div class="field">
<%= f.hidden_field :user_id, :value => current_user.id %>
</div>
或其他情况,在您的情况下。
<div class="field">
<%= f.hidden_field :user_id, :value => @current_user.id %>
</div>
答案 1 :(得分:1)
理想情况下,您不必在表单中呈现current_user id,您已经有一个会话来识别用户,只需将收据范围限定在收据控制器中的当前用户下:
class ReceiptsController < ApplicationController
...
def create
receipt = current_user.receipts.new(receipt_params)
if receipt.save
# redirect
else
# render new
end
end
end
这也可以防止未经过身份验证的用户更新其他人的收据。如果您正在对用户进行身份验证并且可以访问控制器中的当前用户,那么这就是您的选择。