ruby-on-rails 如何使用户在Rails中只能为一篇文章提交一条评论?

baubqpgj  于 2023-11-20  发布在  Ruby
关注(0)|答案(1)|浏览(148)

我看到this thread有类似的概念,但我得到了一个相当大的错误,我认为是在我的评论控制器。在该页面上的顶级解决方案是,用户只能提交一个评论每一个职位,但如果他们试图再次评论,它仍然被张贴,只是不是在该用户id。然后,如果他们试图张贴第三个评论,功能性工作(因为第二条评论的user_id是nill),他们不能发表评论。所以,用户总共可以发表2条评论,一条正确地使用他们的user_id,另一条不正确地使用user_id设置为nill。请帮助找到问题!edit:哦,当第二条评论提交时,错误“您的评论无法保存。请确保仅提交有效的输入!”仍然出现。但评论仍然张贴

评论控制器:

class CommentsController < ApplicationController
    before_action :find_post
    before_action :find_comment, only: [:destroy, :edit, :update, :comment_owner]
    before_action :comment_owner, only: [:destroy, :edit, :update]
    before_action :authenticate_user!, except: [:show]

    def new
    end

    def create
        @comment = @post.comments.create(params[:comment].permit(:title, :content))
        @comment.user_id = current_user.id
        if @comment.user_id != nil #Here I tried to check to make sure a post couldn't submit with a nil user_id, it's still submitting
           @comment.save
           redirect_to post_path(@post)
        else
            flash[:notice] = "Your commment could not be saved. Please make sure to submit valid input only!"
            redirect_to post_path(@post)
        end
    end

    def show
        @comments = Comment.find(params[:id])   
    end

    def destroy
        @comment.destroy
        redirect_to post_path(@post)
    end

    def edit
        @comments = Comment.find(params[:id])   

    end

    def update
        if @comment.update(params[:comment].permit(:title, :content))
            redirect_to post_path(@post)
        else

            render 'edit'
        end

    end

    private

    def find_post
        @post = Post.find(params[:post_id])
    end
    def find_comment
        @comment = @post.comments.find(params[:id])
    end

    def comment_owner
        unless current_user.id == @comment.user_id
            flash[:notice] = "Not your comment"
            redirect_to @post
        end
    end

end

字符串

我的评论模型:

class Comment < ActiveRecord::Base
    validates :user_id, uniqueness: { scope: :post_id, message: "You've already made a comment!" }

    belongs_to :post
    belongs_to :user
end

用户模型,如果重要:

class User < ActiveRecord::Base

  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
  has_many :comments, dependent: :destroy

end

frebpwbc

frebpwbc1#

你的问题来自于这个区块:

def create
  @comment = @post.comments.create(params[:comment].permit(:title, :content))
  @comment.user_id = current_user.id
  if @comment.user_id != nil #Here I tried to check to make sure a post couldn't submit with a nil user_id, it's still submitting
     @comment.save
     redirect_to post_path(@post)
  else
    flash[:notice] = "Your commment could not be saved. Please make sure to submit valid input only!"
    redirect_to post_path(@post)
  end
end

字符串

  • 你有过滤器before_action :authenticate_user!, except: [:show],所以上面代码中的current_user总是not nil
  • @post.comments.create将在检查之前创建冗余comment
  • 你赋值@comment.user_id = current_user.id然后检查if @comment.user_id != nil,这很奇怪,@comment.user_id不可能是nil

所以我认为代码将被重构为:

def create
  @comment = @post.comments.build(comment_create_params)
  unless @comment.save
    # Why don't use
    # flash[:alert] = @comment.errors.full_messages.join('<br>')
    # The error message will be clear
    flash[:notice] = "Your commment could not be saved. Please make sure to submit valid input only!"
  end
  redirect_to post_path(@post)
end

def comment_create_params
  params.require(:comment).permit(:title, :content).merge({
    user_id: current_user.id
  })
end

可选

否则,为了确保数据的一致性,你可以稍微修改一下你的模型:

class Comment < ActiveRecord::Base
  # .. your current code
  validates :user_id, presence: true
end


此外,这可能是不够的,添加一个DB检查级别将是完美的。

相关问题