Ruby on rails 仅允许注释所有者删除其注释
我正在使用Desive进行用户身份验证。并有三个模型,文章,评论和用户 我只允许登录用户在文章中添加评论。我也在comments表中添加了用户id。然而,我正在努力实现只限制评论作者删除自己评论的功能 我所拥有的: comment.rbRuby on rails 仅允许注释所有者删除其注释,ruby-on-rails,ruby,devise,Ruby On Rails,Ruby,Devise,我正在使用Desive进行用户身份验证。并有三个模型,文章,评论和用户 我只允许登录用户在文章中添加评论。我也在comments表中添加了用户id。然而,我正在努力实现只限制评论作者删除自己评论的功能 我所拥有的: comment.rb class Comment < ApplicationRecord belongs_to :user belongs_to :article end class User < ApplicationRecord # Include d
class Comment < ApplicationRecord
belongs_to :user
belongs_to :article
end
class User < ApplicationRecord
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
has_many :comments
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
end
class Article < ApplicationRecord
has_many :comments, dependent: :destroy
end
我遗漏了什么?问题 这是在筛选之前,并且
@comment
尚未初始化@comment
您在销毁中分配的操作在筛选之前的中不可用
def comment_auth
if @comment.user_id != current_user.id
flash[:notice] = 'You are not owner of this comment.'
redirect_to(root_path)
end
end
解决方案:您可以删除comment\u auth
并将destroy
操作更改为:
def destroy
@comment =
current_user.comments.find_by(id: params[:id], article_id: @article)
if @comment && @comment.destroy
redirect_to article_path(@article), notice: 'comment deleted successfully'
else
redirect_to article_path(@article), alert: 'something went wrong'
end
end
或将注释\u auth
更改为
def comment_auth
@comment =
current_user.comments.find_by(id: params[:id], article_id: @article)
if @comment.user_id != current_user.id
flash[:notice] = 'You are not owner of this comment.'
redirect_to(root_path)
end
end
# AND
def destroy
if @comment.destroy
redirect_to article_path(@article), notice: 'comment deleted successfully'
else
redirect_to article_path(@article), alert: 'something went wrong'
end
end
注意:另外,如果comment.user\u id==当前用户.id
将@comment=find\u comment
添加到comment\u auth
方法将解决您的问题
def comment_auth
@comment = find_comment
if @comment.user_id != current_user.id
flash[:notice] = 'You are not owner of this comment.'
redirect_to(root_path)
end
end
谢谢@Deepak这似乎确实奏效了。我的评论_auth对编辑和更新评论也有限制,我将如何用您的方法替换它。是的,注意到限制链接只销毁登录用户。太棒了。这也行得通。谢谢那么在销毁评论之前,我现在是否找到了相关的评论ID和文章ID,这样我们就知道要销毁哪个评论了?是的,这样我们就知道是否让用户销毁评论了,但这无法正常工作。。。错误消息保持不变。
def destroy
@comment =
current_user.comments.find_by(id: params[:id], article_id: @article)
if @comment && @comment.destroy
redirect_to article_path(@article), notice: 'comment deleted successfully'
else
redirect_to article_path(@article), alert: 'something went wrong'
end
end
def comment_auth
@comment =
current_user.comments.find_by(id: params[:id], article_id: @article)
if @comment.user_id != current_user.id
flash[:notice] = 'You are not owner of this comment.'
redirect_to(root_path)
end
end
# AND
def destroy
if @comment.destroy
redirect_to article_path(@article), notice: 'comment deleted successfully'
else
redirect_to article_path(@article), alert: 'something went wrong'
end
end
def comment_auth
@comment = find_comment
if @comment.user_id != current_user.id
flash[:notice] = 'You are not owner of this comment.'
redirect_to(root_path)
end
end