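I want my visitors to be able to edit or delete their comments within 5-10 minutes of creating them.
How should I authenticate this with sessions or cookies? My comments controller: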
    class CommentsController < ApplicationController
      # GET /comments
      # GET /comments.xml

      # GET /comments/new
      # GET /comments/new.xml
      def new
        @comment = Comment.new
        respond_to do |format|
          format.html # new.html.erb
          format.xml { render :xml => @comment }
        end
      end

      # GET /comments/1/edit
      def edit
        @comment = Comment.find(params[:id])
      end

      # POST /comments
      # POST /comments.xml
      def create
        @blog = Blog.find(params[:blog_id])
        params[:comment][:ip] = request.remote_ip
        @comment = @blog.comments.create!(params[:comment])
        redirect_to @blog
      end

      # PUT /comments/1
      # PUT /comments/1.xml
      def update
        @comment = Comment.find(params[:id])
        respond_to do |format|
          if @comment.update_attributes(params[:comment])
            format.html { redirect_to(admin_comments_path, :notice => 'Comment was successfully updated.') }
            format.xml { head :ok }
          else
            format.html { render :action => "edit" }
            format.xml { render :xml => @comment.errors, :status => :unprocessable_entity }
          end
        end
      end

      # DELETE /comments/1
      # DELETE /comments/1.xml
      def destroy
        @comment = Comment.find(params[:id])
        @comment.destroy
        respond_to do |format|
          format.html { redirect_to(admin_comments_url, :notice => 'Indlæg slettet') }
          format.xml { head :ok }
        end
      end
    end

Answer 0 (score: 1)
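Store the id of the saved comment in the session, then on delete or update, check for the comment's id in the session and compare the current time with the comment's created_at... This can go in a filter method.
Also, you can move the code that finds the comment by id into a filter, and follow DRY.
Here it is: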
    class CommentsController < ApplicationController
      before_filter :get_blog
      before_filter :get_comment, :only => [:edit, :update, :destroy]
      before_filter :authorize_comment, :only => [:edit, :update, :destroy]

      private

      def get_blog
        @blog = Blog.find(params[:blog_id])
      end

      def get_comment
        @comment = Comment.find(params[:id])
      end

      def authorize_comment
        unless @comment
          flash[:error] = "Comment Not Found"
          redirect_to @blog and return
        else
          # checks whether the comment is there in sessions' recent_comments
          # if true, it means, this comment was created by the same visitor who is now attempting to delete/update it again
          # Array() guards against a session that has no recent_comments yet (nil)
          if Array(session[:recent_comments]).include?(@comment.id)
            # now check if the comment is editable w.r.t time or not
            if @comment.created_at < 10.minutes.ago
              # if true, it means comment can no longer be updated/deleted
              # if you wish you can now remove this from the session's recent_comments
              session[:recent_comments].delete(@comment.id)
              flash[:error] = "Sorry, you can not change this comment now"
              redirect_to @blog and return
            else
              # it means comment can be edited/updated
              return true
            end
          else
            flash[:error] = "Sorry, you can not change this comment now"
            redirect_to @blog and return
          end
        end
      end

      public

      def new
        @comment = Comment.new
        respond_to do |format|
          format.html # new.html.erb
          format.xml { render :xml => @comment }
        end
      end

      def edit
      end

      def create
        params[:comment][:ip] = request.remote_ip
        @comment = @blog.comments.create!(params[:comment])
        # remember this comment's id so the same visitor can change it later
        unless session[:recent_comments].is_a?(Array)
          session[:recent_comments] = []
        end
        session[:recent_comments] << @comment.id
        redirect_to @blog
      end

      def update
        respond_to do |format|
          if @comment.update_attributes(params[:comment])
            format.html { redirect_to(admin_comments_path, :notice => 'Comment was successfully updated.') }
            format.xml { head :ok }
          else
            format.html { render :action => "edit" }
            format.xml { render :xml => @comment.errors, :status => :unprocessable_entity }
          end
        end
      end

      def destroy
        @comment.destroy
        respond_to do |format|
          format.html { redirect_to(admin_comments_url, :notice => 'Indlæg slettet') }
          format.xml { head :ok }
        end
      end
    end
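
The ownership-and-time-window check from the answer above, as an added example that is not part of the original post: plain Ruby with the session modelled as a Hash and the comment as a Struct (`RecentComments`, `EDIT_WINDOW`, `check` and `demo` are hypothetical names). It also covers a visitor whose session has no `recent_comments` yet and prunes ids whose window has passed.

```ruby
# Added example, runnable without Rails. Session and Comment are stand-ins
# (assumptions) for the Rails session hash and the ActiveRecord model.
EDIT_WINDOW = 10 * 60 # seconds; the 10-minute limit used in the answer

Comment = Struct.new(:id, :created_at)

module RecentComments
  KEY = :recent_comments

  # Called from create: remember the new comment id for this visitor.
  def self.remember(session, comment)
    session[KEY] = Array(session[KEY]) | [comment.id]
  end

  # Called before edit/update/destroy. Returns :ok, :not_owner or :expired.
  # The age is computed from the server-side created_at, not from client input.
  def self.check(session, comment, now = Time.now)
    ids = Array(session[KEY]) # nil-safe: visitor who never commented
    return :not_owner unless ids.include?(comment.id)

    if now - comment.created_at > EDIT_WINDOW
      session[KEY] = ids - [comment.id] # prune so the session does not grow
      return :expired
    end
    :ok
  end
end

# Constructed sample data: one comment, its author and an unrelated visitor.
def demo
  t0 = Time.at(1_700_000_000)
  author = {}
  other_visitor = {}
  comment = Comment.new(42, t0)
  RecentComments.remember(author, comment)
  {
    author_in_window: RecentComments.check(author, comment, t0 + 5 * 60),
    other_in_window:  RecentComments.check(other_visitor, comment, t0 + 5 * 60),
    author_expired:   RecentComments.check(author, comment, t0 + 11 * 60),
    ids_after_prune:  author[:recent_comments],
    author_retry:     RecentComments.check(author, comment, t0 + 12 * 60)
  }
end
```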