Fatal编程技术网
  • ruby-on-rails/
  • Ruby on rails 不使用参数的自定义路由参数和表单_

Ruby on rails 不使用参数的自定义路由参数和表单_

ruby-on-rails

Ruby on rails 不使用参数的自定义路由参数和表单_,ruby-on-rails,form-with,Ruby On Rails,Form With,我正在尝试为一个地址分配一个自定义id,这样就不容易猜测记录(对于那些想要添加和更改其他人地址的人)。出于某种原因,虽然我可以创建具有正确创建路径的记录,但来自form_with的编辑路径似乎没有使用自定义资源参数 routes.rb resources :deladdresses, param: :delid <%= form_with model: deladdress, class: "mt-4" do |f| %> <%= render &qu

我正在尝试为一个地址分配一个自定义id,这样就不容易猜测记录(对于那些想要添加和更改其他人地址的人)。出于某种原因,虽然我可以创建具有正确创建路径的记录,但来自
form_with
的编辑路径似乎没有使用自定义资源参数

routes.rb

resources :deladdresses, param: :delid

<%= form_with model: deladdress, class: "mt-4" do |f| %>
  <%= render "shared/error_messages", resource: f.object %>

  .. lots removed for clarity ...

  <%= f.hidden_field :country, value: "Australia" %>
  <%= f.hidden_field :ordernum, name: :ordernum, value: @order %>
  <%= link_to order_path(@order.ordernum) do %>
    <button class="btn btn-secondary">Back</button>
  <% end %>
  <%= f.button "Save", id: 'submit', class: "btn btn-primary" %>
<% end %>

class Deladdress < ApplicationRecord

  before_save :add_del_id

  belongs_to :user
  has_many :orders

  def add_del_id
    randchars = ("a".."z").to_a.sample(8).join
    time = DateTime.now.strftime("%H%M%S")
    self.delid = "#{time}-#{randchars.upcase}"
  end

end

class DeladdressesController < ApplicationController
  before_action :find_my_order

  def show
    # Collect the delivery address for the order
    # Do we want to collect and store these per customer?
  end

  def new
    if current_user
      @savedaddresses = Deladdress.where(user: current_user)
    end
    @deladdress = Deladdress.new
  end

  def edit
    @deladdress = Deladdress.where(delid: params[:delid]).first
  end

  def create
    @deladdress = Deladdress.create(deladdress_params)
    @deladdress.user = current_user
    if @deladdress
      @order&.update(deladdress: @deladdress)
      redirect_to order_path(@order.ordernum), notice: "Address added"
    else
      render :new
    end
  end

  def update
    @deladdress = Deladdress.where(delid: params[:delid]).first
    if @deladdress.update(deladdress_params)
      @order.update(deladdress: @deladdress)
      redirect_to order_path(@order.ordernum), notice: t(".updated")
    else
      render :edit
    end
  end

  private

  def deladdress_params
    attributes = [:first_name, :last_name, :address, :apartment, :city, :state, :country, :postcode, :ordernum, :delid]
    params.require(:deladdress).permit(*attributes)
  end

  def find_my_order
    @order = find_order
  end

end
\u form.html.erb

resources :deladdresses, param: :delid

<%= form_with model: deladdress, class: "mt-4" do |f| %>
  <%= render "shared/error_messages", resource: f.object %>

  .. lots removed for clarity ...

  <%= f.hidden_field :country, value: "Australia" %>
  <%= f.hidden_field :ordernum, name: :ordernum, value: @order %>
  <%= link_to order_path(@order.ordernum) do %>
    <button class="btn btn-secondary">Back</button>
  <% end %>
  <%= f.button "Save", id: 'submit', class: "btn btn-primary" %>
<% end %>

class Deladdress < ApplicationRecord

  before_save :add_del_id

  belongs_to :user
  has_many :orders

  def add_del_id
    randchars = ("a".."z").to_a.sample(8).join
    time = DateTime.now.strftime("%H%M%S")
    self.delid = "#{time}-#{randchars.upcase}"
  end

end

class DeladdressesController < ApplicationController
  before_action :find_my_order

  def show
    # Collect the delivery address for the order
    # Do we want to collect and store these per customer?
  end

  def new
    if current_user
      @savedaddresses = Deladdress.where(user: current_user)
    end
    @deladdress = Deladdress.new
  end

  def edit
    @deladdress = Deladdress.where(delid: params[:delid]).first
  end

  def create
    @deladdress = Deladdress.create(deladdress_params)
    @deladdress.user = current_user
    if @deladdress
      @order&.update(deladdress: @deladdress)
      redirect_to order_path(@order.ordernum), notice: "Address added"
    else
      render :new
    end
  end

  def update
    @deladdress = Deladdress.where(delid: params[:delid]).first
    if @deladdress.update(deladdress_params)
      @order.update(deladdress: @deladdress)
      redirect_to order_path(@order.ordernum), notice: t(".updated")
    else
      render :edit
    end
  end

  private

  def deladdress_params
    attributes = [:first_name, :last_name, :address, :apartment, :city, :state, :country, :postcode, :ordernum, :delid]
    params.require(:deladdress).permit(*attributes)
  end

  def find_my_order
    @order = find_order
  end

end
deladdress.rb

resources :deladdresses, param: :delid

<%= form_with model: deladdress, class: "mt-4" do |f| %>
  <%= render "shared/error_messages", resource: f.object %>

  .. lots removed for clarity ...

  <%= f.hidden_field :country, value: "Australia" %>
  <%= f.hidden_field :ordernum, name: :ordernum, value: @order %>
  <%= link_to order_path(@order.ordernum) do %>
    <button class="btn btn-secondary">Back</button>
  <% end %>
  <%= f.button "Save", id: 'submit', class: "btn btn-primary" %>
<% end %>

class Deladdress < ApplicationRecord

  before_save :add_del_id

  belongs_to :user
  has_many :orders

  def add_del_id
    randchars = ("a".."z").to_a.sample(8).join
    time = DateTime.now.strftime("%H%M%S")
    self.delid = "#{time}-#{randchars.upcase}"
  end

end

class DeladdressesController < ApplicationController
  before_action :find_my_order

  def show
    # Collect the delivery address for the order
    # Do we want to collect and store these per customer?
  end

  def new
    if current_user
      @savedaddresses = Deladdress.where(user: current_user)
    end
    @deladdress = Deladdress.new
  end

  def edit
    @deladdress = Deladdress.where(delid: params[:delid]).first
  end

  def create
    @deladdress = Deladdress.create(deladdress_params)
    @deladdress.user = current_user
    if @deladdress
      @order&.update(deladdress: @deladdress)
      redirect_to order_path(@order.ordernum), notice: "Address added"
    else
      render :new
    end
  end

  def update
    @deladdress = Deladdress.where(delid: params[:delid]).first
    if @deladdress.update(deladdress_params)
      @order.update(deladdress: @deladdress)
      redirect_to order_path(@order.ordernum), notice: t(".updated")
    else
      render :edit
    end
  end

  private

  def deladdress_params
    attributes = [:first_name, :last_name, :address, :apartment, :city, :state, :country, :postcode, :ordernum, :delid]
    params.require(:deladdress).permit(*attributes)
  end

  def find_my_order
    @order = find_order
  end

end
我显然错过了一些东西,但我真的不知道是什么

提前感谢您为完成此工作提供的任何帮助。

您可以将表单的url传递给表单帮助者,如下所示:

  • 对于调用编辑表单的位置:
    •
  • 对于您调用新表单的位置:
    •
    然后在形式本身中:

    <%= form_with model: deladdress, url: url, class: "mt-4" do |f| %>
...

    
...
    如果您的唯一目的是保护记录(“因此不容易猜到记录”),您应该查看授权宝石,如pundit或cancancan。@Clara,这将是我的下一个技巧。陡峭的学习曲线与我正在尝试做的,我正在努力让它工作,然后使它更复杂:)非常好!你想出了一个隐藏身份证的好主意,但是从技术上讲,一个能够猜到新的熟食店的用户仍然可以提交表单并更改另一个人的地址。这就是强大的宝石发挥作用的地方!无论如何,继续努力。谢谢你的回答。我已经试过了,但当我尝试做一个新地址时,它不起作用。它适用于编辑,但不适用于新建。您看到我如何将url部分添加到呈现表单中了吗?您也必须将此项(以及相应的路径)添加到呈现表单以创建新地址的位置:)我相信我已经。。。我已将其添加到new.html.erb和edit.html.erb。编辑可以,但新的不行。我已将url添加到表单中,但它仍在抱怨。这是我尝试执行新操作时收到的消息:
    No route matches{:action=>“show”,:controller=>“deladdresses”,:delid=>nil},缺少必需的键:[:delid]
    是否更改了新路径?应该是:
    对不起,这是我的错。当然,它必须是
    deliaddress\u path
    ,而不是
    new\u deliaddress\u path
    。我会再更新一次。您可以始终使用temrinal中的
    rails routes
    检查路径帮助器的前缀