为什么 has_one 与嵌套路线的关联可以访问 url 搜索栏中的所有可能路线?
why has_one association with nested routes gives access to all possible routes in the url search bar?
我对获得每个 url 的方式感到困惑,例如 deals/:id/properties/:id 尽管有一对一的关联 btw a deal 和 属性.当与交易 2 关联的 属性 在我的数据库中为 属性 6 时,我怎么可能在浏览器 url 中键入并获取 deals/2/properties/14(或任何组合) .我在视图中的链接确实有效,并且我使用这些链接获得了正确的关联 deals/2/properties/6 但我的问题是我在设置(或其他任何地方)中做错了什么或者只是 Rails 允许在浏览器中测试每一种可能的组合……如果是,有没有办法防止这种情况发生?非常感谢
我有一个一对一的关联 => 1 个交易 has_one 属性 和一个 属性 belongs_to 交易。我有如下嵌套路线
resources :deals, only: [:index, :show, :create, :update, :destroy] do
scope '/siteadmin' do
resources :properties
end
end
scope '/siteadmin' do
resources :deals, except: [:index, :show]
end
deal.rb
class Deal < ApplicationRecord
has_one :property, dependent: :destroy
accepts_nested_attributes_for :property
end
property.rb
class Property < ApplicationRecord
belongs_to :deal
validates :full_address, presence: true
validates_uniqueness_of :deal_id
end
deals_controller.rb
class DealsController < ApplicationController
before_action :set_deal, only: [:show, :edit, :update, :destroy]
def index
@deals = Deal.all
end
def show
@property = @deal.property
end
def new
@deal = Deal.new
end
def create
@deal = Deal.new(deal_params)
if @deal.save
redirect_to deals_path, notice: 'Deal was successfully created'
else
render :new
end
end
def edit
end
def update
if @deal.update(deal_params)
redirect_to @deal, notice: 'Deal was successfully updated'
else
flash.now[:alert] = "Deal has not been updated."
render :edit
end
end
def destroy
@deal.destroy
redirect_to deals_path, notice: 'Deal was successfully deleted'
end
private
def deal_params
params.require(:deal).permit(:description, :kind, :address, :image_url, :occupancy, :yield)
end
def set_deal
@deal = Deal.find(params[:id])
rescue ActiveRecord::RecordNotFound
flash[:alert] = "The deal you were looking for could not be found."
redirect_to deals_path
end
end
properties_controller.rb
class PropertiesController < ApplicationController
before_action :set_deal
before_action :set_property, only: [:show, :edit, :update, :destroy]
def index
@properties = Property.all.order(id: :asc)
end
def show
end
def new
@property = @deal.build_property
end
def create
@property = @deal.build_property(property_params)
if @property.save
flash[:notice] = "Property has been created."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been created."
render "new"
end
end
def edit
end
def update
if @property.update(property_params)
flash[:notice] = "Property has been updated."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been updated."
render "edit"
end
end
def destroy
@property.destroy
flash[:notice] = "Property has been deleted."
redirect_to @deal
end
private
def property_params
params.require(:property).permit(:genre, :surface, :nb_rooms, :nb_bedrooms, :city, :district, :full_address)
end
def set_property
@property = Property.find(params[:id])
end
def set_deal
@deal = Deal.find(params[:deal_id])
end
end
交易 show.html.erb
<h2>Property in the deal:</h2>
<ul class="list-unstyled text-justify">
<li>Property id #<%= @deal.property.try(:id) %> - <%= link_to @deal.property.try(:full_address), [@deal, @property] %></li>
<li>Adresse of the property: <%= @deal.property.try(:full_address) %></li>
<li><%= link_to "see all the properties", deal_properties_path(@deal) %></li>
<%= link_to "add deal", new_deal_path, {class: "btn btn-primary"} %>
</ul>
属性index.html.erb
<header>
<h2>All properties</h2>
<ul id="properties in the db">
<% @properties.each do |property| %>
<li>Property id #<%= property.id %> - <%= link_to property.full_address, deal_property_path(property.deal, property) %></li>
<li><%= link_to "See our Deal", deal_path(property.deal) %></li>
<li><%= link_to "Edit Property", edit_deal_property_path(property.deal, property) %></li>
<li>Deal id #<%= property.deal.id %></li>
<% end %>
<br>
</ul>
<ul class="actions">
<li><%= link_to "Add Property", new_deal_property_path(@deal),
class: "new" %></li>
<li><%= link_to "Back to deals", deals_path%></li>
</ul>
</header>
属性show.html.erb
<header>
<h2>Property id #<%= @property.id %> <%= @property.full_address %></h2>
</header>
<h3>This is the property #<%= @property.id %> of the Deal @<%= @deal.id %> - <%= @deal.address %></h3>
<p>This property is located at <%= @property.full_address %></p>
<li><%= link_to "See all the properties", deal_properties_path(@deal)%></li>
路由只处理查询字符串的格式,而不处理其中的值。
我喜欢做的是像这样在控制器中限定数据范围
class PropertiesController < ApplicationController
before_action :set_deal
before_action :set_property, only: [:show, :edit, :update, :destroy]
def index
@properties = Property.all.order(id: :asc)
end
def show
end
def new
@property = @deal.build_property
end
def create
@property = @deal.build_property(property_params)
if @property.save
flash[:notice] = "Property has been created."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been created."
render "new"
end
end
def edit
end
def update
if @property.update(property_params)
flash[:notice] = "Property has been updated."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been updated."
render "edit"
end
end
def destroy
@property.destroy
flash[:notice] = "Property has been deleted."
redirect_to @deal
end
private
def property_params
params.require(:property).permit(:genre, :surface, :nb_rooms, :nb_bedrooms, :city, :district, :full_address)
end
def set_property
@property = @deal.property #.find(params[:id]) # you don't need to find it because there is only 1
end
def set_deal
@deal = Deal.find(params[:deal_id])
end
end
我对获得每个 url 的方式感到困惑,例如 deals/:id/properties/:id 尽管有一对一的关联 btw a deal 和 属性.当与交易 2 关联的 属性 在我的数据库中为 属性 6 时,我怎么可能在浏览器 url 中键入并获取 deals/2/properties/14(或任何组合) .我在视图中的链接确实有效,并且我使用这些链接获得了正确的关联 deals/2/properties/6 但我的问题是我在设置(或其他任何地方)中做错了什么或者只是 Rails 允许在浏览器中测试每一种可能的组合……如果是,有没有办法防止这种情况发生?非常感谢
我有一个一对一的关联 => 1 个交易 has_one 属性 和一个 属性 belongs_to 交易。我有如下嵌套路线
resources :deals, only: [:index, :show, :create, :update, :destroy] do
scope '/siteadmin' do
resources :properties
end
end
scope '/siteadmin' do
resources :deals, except: [:index, :show]
end
deal.rb
class Deal < ApplicationRecord
has_one :property, dependent: :destroy
accepts_nested_attributes_for :property
end
property.rb
class Property < ApplicationRecord
belongs_to :deal
validates :full_address, presence: true
validates_uniqueness_of :deal_id
end
deals_controller.rb
class DealsController < ApplicationController
before_action :set_deal, only: [:show, :edit, :update, :destroy]
def index
@deals = Deal.all
end
def show
@property = @deal.property
end
def new
@deal = Deal.new
end
def create
@deal = Deal.new(deal_params)
if @deal.save
redirect_to deals_path, notice: 'Deal was successfully created'
else
render :new
end
end
def edit
end
def update
if @deal.update(deal_params)
redirect_to @deal, notice: 'Deal was successfully updated'
else
flash.now[:alert] = "Deal has not been updated."
render :edit
end
end
def destroy
@deal.destroy
redirect_to deals_path, notice: 'Deal was successfully deleted'
end
private
def deal_params
params.require(:deal).permit(:description, :kind, :address, :image_url, :occupancy, :yield)
end
def set_deal
@deal = Deal.find(params[:id])
rescue ActiveRecord::RecordNotFound
flash[:alert] = "The deal you were looking for could not be found."
redirect_to deals_path
end
end
properties_controller.rb
class PropertiesController < ApplicationController
before_action :set_deal
before_action :set_property, only: [:show, :edit, :update, :destroy]
def index
@properties = Property.all.order(id: :asc)
end
def show
end
def new
@property = @deal.build_property
end
def create
@property = @deal.build_property(property_params)
if @property.save
flash[:notice] = "Property has been created."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been created."
render "new"
end
end
def edit
end
def update
if @property.update(property_params)
flash[:notice] = "Property has been updated."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been updated."
render "edit"
end
end
def destroy
@property.destroy
flash[:notice] = "Property has been deleted."
redirect_to @deal
end
private
def property_params
params.require(:property).permit(:genre, :surface, :nb_rooms, :nb_bedrooms, :city, :district, :full_address)
end
def set_property
@property = Property.find(params[:id])
end
def set_deal
@deal = Deal.find(params[:deal_id])
end
end
交易 show.html.erb
<h2>Property in the deal:</h2>
<ul class="list-unstyled text-justify">
<li>Property id #<%= @deal.property.try(:id) %> - <%= link_to @deal.property.try(:full_address), [@deal, @property] %></li>
<li>Adresse of the property: <%= @deal.property.try(:full_address) %></li>
<li><%= link_to "see all the properties", deal_properties_path(@deal) %></li>
<%= link_to "add deal", new_deal_path, {class: "btn btn-primary"} %>
</ul>
属性index.html.erb
<header>
<h2>All properties</h2>
<ul id="properties in the db">
<% @properties.each do |property| %>
<li>Property id #<%= property.id %> - <%= link_to property.full_address, deal_property_path(property.deal, property) %></li>
<li><%= link_to "See our Deal", deal_path(property.deal) %></li>
<li><%= link_to "Edit Property", edit_deal_property_path(property.deal, property) %></li>
<li>Deal id #<%= property.deal.id %></li>
<% end %>
<br>
</ul>
<ul class="actions">
<li><%= link_to "Add Property", new_deal_property_path(@deal),
class: "new" %></li>
<li><%= link_to "Back to deals", deals_path%></li>
</ul>
</header>
属性show.html.erb
<header>
<h2>Property id #<%= @property.id %> <%= @property.full_address %></h2>
</header>
<h3>This is the property #<%= @property.id %> of the Deal @<%= @deal.id %> - <%= @deal.address %></h3>
<p>This property is located at <%= @property.full_address %></p>
<li><%= link_to "See all the properties", deal_properties_path(@deal)%></li>
路由只处理查询字符串的格式,而不处理其中的值。
我喜欢做的是像这样在控制器中限定数据范围
class PropertiesController < ApplicationController
before_action :set_deal
before_action :set_property, only: [:show, :edit, :update, :destroy]
def index
@properties = Property.all.order(id: :asc)
end
def show
end
def new
@property = @deal.build_property
end
def create
@property = @deal.build_property(property_params)
if @property.save
flash[:notice] = "Property has been created."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been created."
render "new"
end
end
def edit
end
def update
if @property.update(property_params)
flash[:notice] = "Property has been updated."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been updated."
render "edit"
end
end
def destroy
@property.destroy
flash[:notice] = "Property has been deleted."
redirect_to @deal
end
private
def property_params
params.require(:property).permit(:genre, :surface, :nb_rooms, :nb_bedrooms, :city, :district, :full_address)
end
def set_property
@property = @deal.property #.find(params[:id]) # you don't need to find it because there is only 1
end
def set_deal
@deal = Deal.find(params[:deal_id])
end
end