Ruby on rails 仅允许注释所有者删除其注释_Ruby On Rails_Ruby_Devise

Ruby on rails 仅允许注释所有者删除其注释

ruby-on-rails ruby

Ruby on rails 仅允许注释所有者删除其注释,ruby-on-rails,ruby,devise,Ruby On Rails,Ruby,Devise,我正在使用Desive进行用户身份验证。并有三个模型，文章，评论和用户我只允许登录用户在文章中添加评论。我也在comments表中添加了用户id。然而，我正在努力实现只限制评论作者删除自己评论的功能我所拥有的： comment.rb class Comment < ApplicationRecord belongs_to :user belongs_to :article end class User < ApplicationRecord # Include d

我正在使用Desive进行用户身份验证。并有三个模型，文章，评论和用户

我只允许登录用户在文章中添加评论。我也在comments表中添加了用户id。然而，我正在努力实现只限制评论作者删除自己评论的功能

我所拥有的：

comment.rb

class Comment < ApplicationRecord
  belongs_to :user
  belongs_to :article

end

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable

  has_many :comments
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable
end

class Article < ApplicationRecord
  has_many :comments, dependent: :destroy
end

我遗漏了什么？

问题
这是在筛选之前，并且
@comment
尚未初始化
@comment
您在
销毁中分配的操作在筛选之前的中不可用 def comment_auth if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end 解决方案：您可以删除comment\u auth 并将destroy 操作更改为： def destroy @comment = current_user.comments.find_by(id: params[:id], article_id: @article) if @comment && @comment.destroy redirect_to article_path(@article), notice: 'comment deleted successfully' else redirect_to article_path(@article), alert: 'something went wrong' end end 或将注释\u auth 更改为 def comment_auth @comment = current_user.comments.find_by(id: params[:id], article_id: @article) if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end # AND def destroy if @comment.destroy redirect_to article_path(@article), notice: 'comment deleted successfully' else redirect_to article_path(@article), alert: 'something went wrong' end end 注意：另外，如果comment.user\u id==当前用户.id 将@comment=find\u comment 添加到comment\u auth 方法将解决您的问题 def comment_auth @comment = find_comment if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end 谢谢@Deepak这似乎确实奏效了。我的评论_auth对编辑和更新评论也有限制，我将如何用您的方法替换它。是的，注意到限制链接只销毁登录用户。太棒了。这也行得通。谢谢那么在销毁评论之前，我现在是否找到了相关的评论ID和文章ID，这样我们就知道要销毁哪个评论了？是的，这样我们就知道是否让用户销毁评论了，但这无法正常工作。。。错误消息保持不变。 def destroy @comment = current_user.comments.find_by(id: params[:id], article_id: @article) if @comment && @comment.destroy redirect_to article_path(@article), notice: 'comment deleted successfully' else redirect_to article_path(@article), alert: 'something went wrong' end end def comment_auth @comment = current_user.comments.find_by(id: params[:id], article_id: @article) if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end # AND def destroy if @comment.destroy redirect_to article_path(@article), notice: 'comment deleted successfully' else redirect_to article_path(@article), alert: 'something went wrong' end end def comment_auth @comment = find_comment if @comment.user_id != current_user.id flash[:notice] = 'You are not owner of this comment.' redirect_to(root_path) end end