为什么我在使用 friendly_id 时不能再编辑和销毁我的图钉?
Why can't I edit and destroy my pins anymore when using friendly_id?
我相信我已正确执行 friendly_id github 页面中的所有步骤。我知道它有效,因为它将我的 url 从 /1 更改为 /sample-url。但是,问题是我无法再编辑和销毁我更改了 url 的引脚。
希望有人能帮我解决这个问题。谢谢!
/pins_controller.rb
class PinsController < ApplicationController
before_action :set_pin, only: [:show, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update, :destroy]
before_action :authenticate_user!, except: [:index, :show]
respond_to :html
def index
@pins = Pin.all.order("created_at DESC").paginate(:page => params[:page], :per_page => 8)
respond_with(@pins)
end
def show
respond_with(@pin)
end
def new
@pin = current_user.pins.build
respond_with(@pin)
end
def edit
end
def create
@pin = current_user.pins.build(pin_params)
if @pin.save
redirect_to @pin, notice: "Pin was successfully created."
else
render action: "new"
end
end
def update
if @pin.update(pin_params)
redirect_to @pin, notice: "Pin was successfully updated."
else
render action: "edit"
end
end
def destroy
@pin.destroy
respond_with(@pin)
end
def upvote
@pin = Pin.find(params[:id])
@pin.upvote_by current_user
redirect_to :back
end
def downvote
@pin = Pin.find(params[:id])
@pin.downvote_from current_user
redirect_to :back
end
private
def set_pin
@pin = Pin.friendly.find(params[:id])
end
def correct_user
@pin = current_user.pins.find_by(id: params[:id])
redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
end
def pin_params
params.require(:pin).permit(:description, :image)
end
end
/pin.rb
class Pin < ActiveRecord::Base
acts_as_votable
belongs_to :user
has_attached_file :image, :styles => { :medium => '300x300>', :thumb => '100x100>' }
validates_attachment_content_type :image, :content_type => ["image/jpg", "image/jpeg", "image/png"]
validates :image, presence: true
validates :description, presence: true
extend FriendlyId
friendly_id :description, use: :slugged
end
罪魁祸首是correct_user中的@pin = current_user.pins.find_by(id: params[:id])。
请注意,对于编辑、更新和销毁操作,您需要获取 pin 两次。一次在 set_pin,一次在 correct_user。在correct_user中,只需要检查@pin.user_id == current_user.id.
此外,按照您现在的方式,您在 authenticate_user! 中的用户身份验证最后运行,如果未经身份验证的用户提交对编辑操作的请求,这将导致错误。
class PinsController < ApplicationController
#authenticate_user! must go first
before_action :authenticate_user!, except: [:index, :show]
before_action :set_pin, only: [:show, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update, :destroy]
respond_to :html
.... your actions here
private
def set_pin
@pin = Pin.friendly.find(params[:id])
end
def correct_user
unless @pin.user_id == current_user.id
redirect_to pins_path, notice: "Not authorized to edit this pin"
#you must return false to halt
false
end
end
def pin_params
params.require(:pin).permit(:description, :image)
end
end
我相信我已正确执行 friendly_id github 页面中的所有步骤。我知道它有效,因为它将我的 url 从 /1 更改为 /sample-url。但是,问题是我无法再编辑和销毁我更改了 url 的引脚。
希望有人能帮我解决这个问题。谢谢!
/pins_controller.rb
class PinsController < ApplicationController
before_action :set_pin, only: [:show, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update, :destroy]
before_action :authenticate_user!, except: [:index, :show]
respond_to :html
def index
@pins = Pin.all.order("created_at DESC").paginate(:page => params[:page], :per_page => 8)
respond_with(@pins)
end
def show
respond_with(@pin)
end
def new
@pin = current_user.pins.build
respond_with(@pin)
end
def edit
end
def create
@pin = current_user.pins.build(pin_params)
if @pin.save
redirect_to @pin, notice: "Pin was successfully created."
else
render action: "new"
end
end
def update
if @pin.update(pin_params)
redirect_to @pin, notice: "Pin was successfully updated."
else
render action: "edit"
end
end
def destroy
@pin.destroy
respond_with(@pin)
end
def upvote
@pin = Pin.find(params[:id])
@pin.upvote_by current_user
redirect_to :back
end
def downvote
@pin = Pin.find(params[:id])
@pin.downvote_from current_user
redirect_to :back
end
private
def set_pin
@pin = Pin.friendly.find(params[:id])
end
def correct_user
@pin = current_user.pins.find_by(id: params[:id])
redirect_to pins_path, notice: "Not authorized to edit this pin" if @pin.nil?
end
def pin_params
params.require(:pin).permit(:description, :image)
end
end
/pin.rb
class Pin < ActiveRecord::Base
acts_as_votable
belongs_to :user
has_attached_file :image, :styles => { :medium => '300x300>', :thumb => '100x100>' }
validates_attachment_content_type :image, :content_type => ["image/jpg", "image/jpeg", "image/png"]
validates :image, presence: true
validates :description, presence: true
extend FriendlyId
friendly_id :description, use: :slugged
end
罪魁祸首是correct_user中的@pin = current_user.pins.find_by(id: params[:id])。
请注意,对于编辑、更新和销毁操作,您需要获取 pin 两次。一次在 set_pin,一次在 correct_user。在correct_user中,只需要检查@pin.user_id == current_user.id.
此外,按照您现在的方式,您在 authenticate_user! 中的用户身份验证最后运行,如果未经身份验证的用户提交对编辑操作的请求,这将导致错误。
class PinsController < ApplicationController
#authenticate_user! must go first
before_action :authenticate_user!, except: [:index, :show]
before_action :set_pin, only: [:show, :edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update, :destroy]
respond_to :html
.... your actions here
private
def set_pin
@pin = Pin.friendly.find(params[:id])
end
def correct_user
unless @pin.user_id == current_user.id
redirect_to pins_path, notice: "Not authorized to edit this pin"
#you must return false to halt
false
end
end
def pin_params
params.require(:pin).permit(:description, :image)
end
end