仅允许评论的所有者删除他们的评论

时间:2017-04-10 10:02:26

标签: ruby-on-rails ruby devise

我使用devise进行用户身份验证。并有三个模型,文章,评论和用户。

我只能登录用户为文章添加评论。我还在评论表中添加了用户ID。但是,我正在努力实现仅限制评论作者删除他们自己的评论的功能。

我有什么:

comment.rb 

class Comment < ApplicationRecord
  belongs_to :user
  belongs_to :article

end

user.rb 

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable

  has_many :comments
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
end

article.rb 

class Article < ApplicationRecord
  has_many :comments, dependent: :destroy
end

Comments_controller 

class CommentsController < ApplicationController
  before_action :authenticate_user!
  before_action :find_comment, only: [:create, :destroy]
  before_action :comment_auth, only:  [:edit, :update, :destroy]


      #Some items removed for brevity

def destroy
          @comment = @article.comments.find(params[:id]).destroy
          redirect_to article_path(@article)
      end

  private

  def comment_params
      params.require(:comment).permit(:name, :body, :user_id)
  end

  def find_comment
      @article = Article.find(params[:article_id])
  end

  def comment_auth
      if @comment.user_id != current_user.id
        flash[:notice] = 'You are not owner of this comment.'
      redirect_to(root_path)
      end
  end

我还在评论表中添加了一个外键:

class AddForeignKeys < ActiveRecord::Migration[5.0]
  def change
    add_foreign_key :comments, :users
  end
end

然后,当我尝试从我创建的用户中删除评论并登录时,我得到:

NoMethodError in CommentsController#destroy
undefined method `user_id' for nil:NilClass

我错过了什么?

2 个答案:

答案 0 :(得分:1)

<强>问题

这是在过滤器之前,@comment尚未初始化。 @comment

中未提供您在destroy操作中分配的before_filter def comment_auth if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end 
comment_auth

解决方案:您可以删除destroy并将def destroy @comment = current_user.comments.find_by(id: params[:id], article_id: @article) if @comment && @comment.destroy redirect_to article_path(@article), notice: 'comment deleted successfully' else redirect_to article_path(@article), alert: 'something went wrong' end end 操作更改为:

comment_auth

def comment_auth @comment = current_user.comments.find_by(id: params[:id], article_id: @article) if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end # AND def destroy if @comment.destroy redirect_to article_path(@article), notice: 'comment deleted successfully' else redirect_to article_path(@article), alert: 'something went wrong' end end 更改为

comment.user_id == current_user.id
  

注意:此外,如果{{1}}

,我建议仅在评论时显示删除选项

答案 1 :(得分:0)

在您的@comment = find_comment方法中添加comment_auth可以解决您的问题。 

  def comment_auth
    @comment = find_comment
    if @comment.user_id != current_user.id
      flash[:notice] = 'You are not owner of this comment.'
      redirect_to(root_path)
    end
  end
相关问题
最新问题