Hey everyone, so I'm currently writing an API on Ruby on Rails and I've run into a bit of a roadblock when updating an establishment in the database.
What I'm trying to achieve:
If the currently logged-in user has the same email address as the one associated with the establishment, allow that user to update the establishment's information.
Unfortunately, I've been struggling to figure out how to verify that the currently logged-in user matches the establishment email on file. Any help would be appreciated. Thanks
Here is my code:
def update
  establishment = Establishment.update(establishment_params)
  current_user ||= User.find(session[:user_id]) if session[:user_id]
  if !session[:user_id]
    render json: {status: 'Information Updated'}, status: :ok
  else
    render json: {status: 'Not Verified'}, status: :unprocessable_entity
  end
end

def establishment_params
  params.permit(
    :name,
    :address,
    :city,
    :state,
    :zipcode,
    :phone
  )
end
Answer 0 (score: 3)
Maybe try something like this:
def update
  if authorized?
    establishment.assign_attributes(establishment_params)
    if establishment.valid?
      establishment.save!
      render json: {status: 'Information Updated'}, status: :ok
    else
      render json: {status: 'Not Updated', errors: establishment.errors.full_messages}, status: :unprocessable_entity
    end
  else
    render json: {status: 'Not Verified'}, status: :unauthorized
  end
end

private

def authorized?
  # Guessing at how to access email addresses. You'll need to fix to fit
  # your actual record structures.
  return false unless current_user && current_user.email_address
  return false unless establishment && establishment.email_address
  current_user.email_address == establishment.email_address
end

def establishment
  # memoization for @establishment
  @establishment ||= find_establishment
end

def find_establishment
  # Will throw an error if Establishment not found. Guessing on
  # params[:id]. You'll need to correct to wherever/however you
  # pass in the Establishment id.
  Establishment.find(params[:id])
end
When building an API, you probably want to use :unprocessable_entity and :unauthorized in the reasonably conventional way. Returning an :unprocessable_entity status when the user is not authorized seems unconventional to me. I'd suggest an :unauthorized status instead.
Also, personally, I prefer the memoization approach over before_action. In the past I've found (in my own projects) that using before_action leads to hard-to-diagnose bugs. But then again, I'm good at creating hard-to-diagnose bugs. So, do whatever you prefer.
Oh, and finally, I used assign_attributes instead of update. assign_attributes doesn't save, which gives you the chance to call establishment.valid? and handle the case where the supplied attributes are invalid. In that case, an :unprocessable_entity status is (appropriately) returned along with the full error messages.
If you wanted, you could go a bit overboard and do something like:
def update
  # Predicate methods need the trailing "?" (authorized? and valid? below).
  authorized? ? update_establishment : unauthorized
end

private

def authorized?
  return false unless current_user && current_user.email_address
  return false unless establishment && establishment.email_address
  current_user.email_address == establishment.email_address
end

def establishment
  @establishment ||= find_establishment
end

def find_establishment
  Establishment.find(params[:id])
end

def unauthorized
  render json: {status: 'Not Verified'}, status: :unauthorized
end

# Named update_establishment rather than update: a second `def update` would
# replace the public action above and call itself forever.
def update_establishment
  establishment.assign_attributes(establishment_params)
  establishment.valid? ? save_and_return : return_errors
end

def save_and_return
  establishment.save!
  render json: {status: 'Information Updated'}, status: :ok
end

def return_errors
  render json: {status: 'Not Updated', errors: establishment.errors.full_messages}, status: :unprocessable_entity
end
Personally, I like lots of tiny methods, each with a very specific purpose, rather than big methods. In this particular use case it's a bit of overkill.
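The flow described in both the question and the answer (look the establishment up, check that the logged-in user's email matches the establishment's email, only then assign and validate the permitted attributes) as an added, framework-free Ruby example that is not part of the original question or answer. It runs with plain Ruby and no Rails: User, Establishment, EstablishmentUpdater, the in-memory USERS and ESTABLISHMENTS tables and the sample rows are all constructed for this example, and `call` returns a `[status, body]` pair instead of calling `render` so the outcome can be checked. It goes one step beyond the answer in one place: email addresses are normalised (strip and downcase) before comparison, so an owner stored as "Owner@Example.com" is not locked out by a case difference.

```ruby
# Added example, not the asker's or answerer's code. All names below are
# assumptions standing in for the real Rails models and controller.

User = Struct.new(:id, :email_address, keyword_init: true)

class Establishment
  attr_reader :id, :email_address, :name, :phone, :errors

  def initialize(id:, email_address:, name:, phone:)
    @id, @email_address, @name, @phone = id, email_address, name, phone
    @errors = []
  end

  # Mirrors ActiveRecord#assign_attributes: set fields without persisting.
  def assign_attributes(attrs)
    attrs.each { |key, value| instance_variable_set("@#{key}", value) }
    self
  end

  # Mirrors ActiveRecord#valid?: collect error messages, never raise.
  def valid?
    @errors = []
    @errors << "Name can't be blank" if name.to_s.strip.empty?
    @errors << "Phone is invalid" unless phone.to_s.match?(/\A\d{10}\z/)
    @errors.empty?
  end
end

# Constructed sample rows standing in for the users and establishments tables.
USERS = {
  1 => User.new(id: 1, email_address: "owner@example.com"),
  2 => User.new(id: 2, email_address: "someone.else@example.com"),
}.freeze

ESTABLISHMENTS = {
  10 => Establishment.new(id: 10, email_address: "Owner@Example.com",
                          name: "Cafe", phone: "5551234567"),
}.freeze

# The same whitelist the question's establishment_params permits.
PERMITTED = %i[name address city state zipcode phone].freeze

class EstablishmentUpdater
  def initialize(session:, params:)
    @session = session
    @params = params
  end

  # Returns [status_symbol, body] in place of the controller's render calls.
  # Nothing is assigned until the ownership check has passed.
  def call
    return [:unauthorized, {status: "Not Verified"}] unless authorized?

    establishment.assign_attributes(establishment_params)
    if establishment.valid?
      [:ok, {status: "Information Updated"}]
    else
      [:unprocessable_entity, {status: "Not Updated", errors: establishment.errors}]
    end
  end

  private

  # Same shape as the question's session lookup, against the in-memory table.
  def current_user
    @current_user ||= USERS[@session[:user_id]] if @session[:user_id]
  end

  # Memoised lookup; raises when the id is unknown, like Establishment.find.
  def establishment
    @establishment ||= ESTABLISHMENTS.fetch(@params[:id]) do
      raise KeyError, "Establishment not found"
    end
  end

  # The answer's ownership check, with addresses normalised before comparing.
  def authorized?
    return false unless current_user&.email_address
    return false unless establishment&.email_address
    normalize(current_user.email_address) == normalize(establishment.email_address)
  end

  def normalize(email)
    email.to_s.strip.downcase
  end

  # Mirrors params.permit: only whitelisted keys reach assign_attributes.
  def establishment_params
    @params.slice(*PERMITTED)
  end
end
```

Two points worth noting when carrying this back into a real controller: the check compares the user to the specific record fetched by `params[:id]`, which is what stops a logged-in user from editing somebody else's establishment just by changing the id in the URL; and the `:unauthorized` symbol in Rails maps to HTTP 401, so if you want to distinguish "not logged in" from "logged in but not the owner", `:forbidden` (403) is the conventional choice for the latter.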