Ruby on rails 填写回复模型的用户id属性(不可访问的属性)
我有三种型号:Ruby on rails 填写回复模型的用户id属性(不可访问的属性),ruby-on-rails,Ruby On Rails,我有三种型号:User、Post和,Reply。用户有许多帖子和评论。一篇帖子有许多回复,属于用户,回复属于帖子和用户 routes.rb: resources :posts do resources :replies end create_table "posts", :force => true do |t| t.text "content", :limit => 255 t.integer "user_id" t.datetim
User
、Post
和,Reply
。用户
有许多帖子
和评论
。一篇帖子有许多回复
,属于用户
,回复
属于帖子
和用户
routes.rb:
resources :posts do
resources :replies
end
create_table "posts", :force => true do |t|
t.text "content", :limit => 255
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "title"
end
create_table "replies", :force => true do |t|
t.text "content"
t.integer "post_id"
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
def create
@post = Post.find(params[:post_id])
@reply = @post.replies.build(params[:reply])
if @reply.save!
flash[:success] = "reply created!"
redirect_to post_path(@post)
else
redirect_to post_path(@post)
end
end
<%= form_for([@post, @post.replies.build]) do |f| %>
<%= render 'shared/error_messages', object: f.object %>
<div class="field">
<%= f.text_area :content, placeholder: "Enter reply content" %>
</div>
<%= f.submit "Reply", class: "btn btn-large btn-primary" %>
<% end %>
schema.rb:
resources :posts do
resources :replies
end
create_table "posts", :force => true do |t|
t.text "content", :limit => 255
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "title"
end
create_table "replies", :force => true do |t|
t.text "content"
t.integer "post_id"
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
def create
@post = Post.find(params[:post_id])
@reply = @post.replies.build(params[:reply])
if @reply.save!
flash[:success] = "reply created!"
redirect_to post_path(@post)
else
redirect_to post_path(@post)
end
end
<%= form_for([@post, @post.replies.build]) do |f| %>
<%= render 'shared/error_messages', object: f.object %>
<div class="field">
<%= f.text_area :content, placeholder: "Enter reply content" %>
</div>
<%= f.submit "Reply", class: "btn btn-large btn-primary" %>
<% end %>
这就是我创建评论的方式:
评论\u controller.rb:
resources :posts do
resources :replies
end
create_table "posts", :force => true do |t|
t.text "content", :limit => 255
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "title"
end
create_table "replies", :force => true do |t|
t.text "content"
t.integer "post_id"
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
def create
@post = Post.find(params[:post_id])
@reply = @post.replies.build(params[:reply])
if @reply.save!
flash[:success] = "reply created!"
redirect_to post_path(@post)
else
redirect_to post_path(@post)
end
end
<%= form_for([@post, @post.replies.build]) do |f| %>
<%= render 'shared/error_messages', object: f.object %>
<div class="field">
<%= f.text_area :content, placeholder: "Enter reply content" %>
</div>
<%= f.submit "Reply", class: "btn btn-large btn-primary" %>
<% end %>
回复/\u form.html.erb:
resources :posts do
resources :replies
end
create_table "posts", :force => true do |t|
t.text "content", :limit => 255
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "title"
end
create_table "replies", :force => true do |t|
t.text "content"
t.integer "post_id"
t.integer "user_id"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
end
def create
@post = Post.find(params[:post_id])
@reply = @post.replies.build(params[:reply])
if @reply.save!
flash[:success] = "reply created!"
redirect_to post_path(@post)
else
redirect_to post_path(@post)
end
end
<%= form_for([@post, @post.replies.build]) do |f| %>
<%= render 'shared/error_messages', object: f.object %>
<div class="field">
<%= f.text_area :content, placeholder: "Enter reply content" %>
</div>
<%= f.submit "Reply", class: "btn btn-large btn-primary" %>
<% end %>
我假设是因为回复的属性user\u id
为空:
回复.rb
validates :user_id, presence: true
我不确定如何填充该属性。我不能把它放在回复中,因为这会影响应用程序的安全性(据我所知)
有没有解决这个问题的建议?
attr\u acessible
只会在您从属性散列更新/创建记录时产生影响。您始终可以通过直接调用访问器来设置属性,因此在构建应答之后
@reply.user = current_user
我们应该这样做(假设您正在使用Deviate或authlogic之类的工具为您定义
当前用户
。您也可以直接分配给@reply.user\u id
。
仅在您从属性散列更新/创建记录时才会产生影响。您始终可以通过调用访问器来设置属性。)没错,在你建立了回复之后
@reply.user = current_user
我们应该这样做(假设您正在使用Desive或authlogic之类的工具为您定义
@current\u user
。您也可以直接分配给@reply.user\u id
。谢谢!使用@reply.user\u id=current\u user.id
和@reply.user=current\u user
?哪一个更值得推荐?结束语)ult是相同的(尽管我模糊地回忆起一些边缘情况,如果您尝试同时使用这两种情况)。唯一真正的区别是做@reply.user=你需要加载用户,如果你只有id,加载用户可能会觉得有点浪费。谢谢!使用@reply.user\u id=current\u user.id
和@reply.user=current\u user
有什么区别?哪一个更值得推荐?最终结果是:这是一样的(虽然我模糊地回忆起一些边缘情况,如果你试图同时使用这两种情况)。唯一真正的区别是do@reply.user=你需要加载用户,如果你只有id,加载用户可能会觉得有点浪费