我正在研究审查申请。在此应用中,用户可以发布自己的项目,其他用户可以对其进行审查。但是当其他用户尝试编辑自己的评论时,我遇到了此错误。只有项目所有者才能编辑项目。但是编辑评论应该允许写评论的用户使用。
如何划分此身份验证?
/controllers/projects_controller.rb
class ProjectsController < ApplicationController
before_action :signed_in_user, only: [:new, :create, :edit, :update, :destroy]
before_action :set_project, only: [:show, :edit, :update]
before_action :correct_user, only: [:edit, :update]
def edit
end
def update
@project.attributes = create_params
if @project.save
redirect_to @project
else
render edit_project_path(id: @project.id)
end
end
private
def signed_in_user
unless user_signed_in?
redirect_to root_path
end
end
def set_project
@project = Project.find_by_id(params[:id])
end
def correct_user
unless current_user.projects.include?(@user)
redirect_to root_path
end
end
end
/controllers/reviews_controller.rb
class ReviewsController < ApplicationController
before_action :set_projectct, only: [:new, :create, :edit, :update]
before_action :set_review, only: [:edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update]
def edit
end
def update
@review.attributes = create_params
if @reviews.save
redirect_to prokect_path(id: @review.project_id)
else
redirect_to project_path(id: @review.project_id)
end
end
def set_project
@project = Project.find_by_id(params[:project_id])
end
def set_review
@review = Review.find_by_id(params[:id])
end
def correct_user
unless current_user.review.include?(@review)
redirect_to root_path
end
end
end
routes.rb
resources :projects do
resources :reviews
end
答案 0 :(得分:0)
如果要验证用户是否撰写了评论,为什么不这样比较:
@review.user == current_user
顺便说一句,这是一个授权验证,因此,如果用户无权编辑评论,则应返回403(禁止访问)而不是重定向。
专家或康康舞之类的宝石可能会帮助您正确地完成操作