这是我的路线:
scope ":username" do
resources :feedbacks
end
因此,当我转到mydomain.com/test/feedbacks/10时,它会显示feedback id=10 username=test属于mydomain.com/test2/feedbacks/10。
但是,如果我转到id=10,它会向我显示与username=test2相同的反馈,该反馈不属于Vanity。
如何限制这种情况发生?
我正在使用controller :vanities do
match ':vname' => :show, :via => :get, :constraints => {:vname => /[A-Za-z0-9\-\+\@]+/}
end
gem给我URL中的用户名,这就是该路线的样子:
mydomain.com/test/feedbacks/10修改1:
也就是说,为了清楚起见,当我转到/test2/feedbacks/10和test/feedbacks/10时,它会向我显示相同记录的相同视图(在这种情况下,后一版本会出错,因为它应该告诉我没有这样的记录存在,但事实并非如此。它只是显示Started GET "/test-3/feedbacks/7" for 127.0.0.1 at 2011-09-14 02:48:15 -0500
Processing by FeedbacksController#show as HTML
Parameters: {"username"=>"test-3", "id"=>"7"}
Feedback Load (0.5ms) SELECT "feedbacks".* FROM "feedbacks" WHERE "feedbacks"."id" = ? LIMIT 1 [["id", "7"]]
User Load (0.5ms) SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Rendered feedbacks/show.html.erb within layouts/application (36.2ms)
Completed 200 OK in 188ms (Views: 184.3ms | ActiveRecord: 1.8ms)
)的正确记录。
编辑2:
以下是两个请求的日志:
正确的请求
Started GET "/test2/feedbacks/7" for 127.0.0.1 at 2011-09-14 02:48:28 -0500
Processing by FeedbacksController#show as HTML
Parameters: {"username"=>"test2", "id"=>"7"}
Feedback Load (0.1ms) SELECT "feedbacks".* FROM "feedbacks" WHERE "feedbacks"."id" = ? LIMIT 1 [["id", "7"]]
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Rendered feedbacks/show.html.erb within layouts/application (37.6ms)
Completed 200 OK in 50ms (Views: 47.5ms | ActiveRecord: 1.2ms)
错误的请求
{{1}}
答案 0 :(得分:2)
您的节目动作应该类似于
def show
@user = User.find_by_username(params[:username])
if @user == current_user
...
render "show"
else
flash[:alert] = "Record doesn't exist"
redirect_to root_path
end
end
我冒昧地加入@Benoit的建议。