为什么我在使用friendly_id时不能再编辑和销毁我的引脚?

时间:2015-11-30 17:48:04

标签: ruby-on-rails friendly-id

我相信我从friendly_id github页面正确地遵循了所有步骤。我知道它有效,因为它将我的URL从/ 1更改为/ sample-url。然而,问题是我无法编辑和销毁我已更改网址的引脚。

我希望有人可以帮我解决这个问题。谢谢!

/pins_controller.rb 

class PinsController < ApplicationController
  before_action :set_pin, only: [:show, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update, :destroy]
  before_action :authenticate_user!, except: [:index, :show]

  respond_to :html

  def index
    @pins = Pin.all.order("created_at DESC").paginate(:page => params[:page], :per_page => 8)
    respond_with(@pins)
  end

  def show
    respond_with(@pin)
  end

  def new
    @pin = current_user.pins.build
    respond_with(@pin)
  end

  def edit
  end

  def create
    @pin = current_user.pins.build(pin_params)
    if @pin.save
       redirect_to @pin, notice: "Pin was successfully created."
    else
      render action: "new"
    end
  end

  def update
    if @pin.update(pin_params)
      redirect_to @pin, notice: "Pin was successfully updated."
    else
      render action: "edit"
    end
  end

  def destroy
    @pin.destroy
    respond_with(@pin)
  end

  def upvote
    @pin = Pin.find(params[:id])
    @pin.upvote_by current_user
    redirect_to :back
  end

  def downvote
    @pin = Pin.find(params[:id])
    @pin.downvote_from current_user
    redirect_to :back
  end

  private
    def set_pin
      @pin = Pin.friendly.find(params[:id])
    end

    def correct_user
      @pin = current_user.pins.find_by(id: params[:id])
      redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
    end

    def pin_params
      params.require(:pin).permit(:description, :image)
    end
end

/pin.rb 

class Pin < ActiveRecord::Base

    acts_as_votable

    belongs_to :user

    has_attached_file :image, :styles => { :medium => '300x300>', :thumb => '100x100>' }
    validates_attachment_content_type :image, :content_type => ["image/jpg", "image/jpeg", "image/png"]

    validates :image, presence: true
    validates :description, presence: true

    extend FriendlyId
  friendly_id :description, use: :slugged
end

1 个答案:

答案 0 :(得分:2)

罪魁祸首是@pin = current_user.pins.find_by(id: params[:id])中的correct_user

请注意,对于编辑,更新和销毁操作,您将获取两次引脚。进入set_pin后进入correct_user。在correct_user中,您只需要检查@pin.user_id == current_user.id

此外,您现在拥有它的方式,authenticate_user!中的用户身份验证最后运行,如果未经身份验证的用户向编辑操作提交请求,则会导致错误。

class PinsController < ApplicationController
  #authenticate_user! must go first
  before_action :authenticate_user!, except: [:index, :show]
  before_action :set_pin, only: [:show, :edit, :update, :destroy]
  before_action :correct_user, only: [:edit, :update, :destroy]


  respond_to :html

  .... your actions here

  private
    def set_pin
      @pin = Pin.friendly.find(params[:id])
    end

    def correct_user
      unless @pin.user_id == current_user.id
        redirect_to pins_path, notice: "Not authorized to edit this pin"

        #you must return false to halt
        false
      end
    end

    def pin_params
      params.require(:pin).permit(:description, :image)
    end
end
相关问题
最新问题