Ruby on rails 不使用参数的自定义路由参数和表单_
我正在尝试为一个地址分配一个自定义id,这样就不容易猜测记录(对于那些想要添加和更改其他人地址的人)。出于某种原因,虽然我可以创建具有正确创建路径的记录,但来自Ruby on rails 不使用参数的自定义路由参数和表单_,ruby-on-rails,form-with,Ruby On Rails,Form With,我正在尝试为一个地址分配一个自定义id,这样就不容易猜测记录(对于那些想要添加和更改其他人地址的人)。出于某种原因,虽然我可以创建具有正确创建路径的记录,但来自form_with的编辑路径似乎没有使用自定义资源参数 routes.rb resources :deladdresses, param: :delid <%= form_with model: deladdress, class: "mt-4" do |f| %> <%= render &qu
form_with
的编辑路径似乎没有使用自定义资源参数
routes.rb
resources :deladdresses, param: :delid
<%= form_with model: deladdress, class: "mt-4" do |f| %>
<%= render "shared/error_messages", resource: f.object %>
.. lots removed for clarity ...
<%= f.hidden_field :country, value: "Australia" %>
<%= f.hidden_field :ordernum, name: :ordernum, value: @order %>
<%= link_to order_path(@order.ordernum) do %>
<button class="btn btn-secondary">Back</button>
<% end %>
<%= f.button "Save", id: 'submit', class: "btn btn-primary" %>
<% end %>
class Deladdress < ApplicationRecord
before_save :add_del_id
belongs_to :user
has_many :orders
def add_del_id
randchars = ("a".."z").to_a.sample(8).join
time = DateTime.now.strftime("%H%M%S")
self.delid = "#{time}-#{randchars.upcase}"
end
end
class DeladdressesController < ApplicationController
before_action :find_my_order
def show
# Collect the delivery address for the order
# Do we want to collect and store these per customer?
end
def new
if current_user
@savedaddresses = Deladdress.where(user: current_user)
end
@deladdress = Deladdress.new
end
def edit
@deladdress = Deladdress.where(delid: params[:delid]).first
end
def create
@deladdress = Deladdress.create(deladdress_params)
@deladdress.user = current_user
if @deladdress
@order&.update(deladdress: @deladdress)
redirect_to order_path(@order.ordernum), notice: "Address added"
else
render :new
end
end
def update
@deladdress = Deladdress.where(delid: params[:delid]).first
if @deladdress.update(deladdress_params)
@order.update(deladdress: @deladdress)
redirect_to order_path(@order.ordernum), notice: t(".updated")
else
render :edit
end
end
private
def deladdress_params
attributes = [:first_name, :last_name, :address, :apartment, :city, :state, :country, :postcode, :ordernum, :delid]
params.require(:deladdress).permit(*attributes)
end
def find_my_order
@order = find_order
end
end
\u form.html.erb
resources :deladdresses, param: :delid
<%= form_with model: deladdress, class: "mt-4" do |f| %>
<%= render "shared/error_messages", resource: f.object %>
.. lots removed for clarity ...
<%= f.hidden_field :country, value: "Australia" %>
<%= f.hidden_field :ordernum, name: :ordernum, value: @order %>
<%= link_to order_path(@order.ordernum) do %>
<button class="btn btn-secondary">Back</button>
<% end %>
<%= f.button "Save", id: 'submit', class: "btn btn-primary" %>
<% end %>
class Deladdress < ApplicationRecord
before_save :add_del_id
belongs_to :user
has_many :orders
def add_del_id
randchars = ("a".."z").to_a.sample(8).join
time = DateTime.now.strftime("%H%M%S")
self.delid = "#{time}-#{randchars.upcase}"
end
end
class DeladdressesController < ApplicationController
before_action :find_my_order
def show
# Collect the delivery address for the order
# Do we want to collect and store these per customer?
end
def new
if current_user
@savedaddresses = Deladdress.where(user: current_user)
end
@deladdress = Deladdress.new
end
def edit
@deladdress = Deladdress.where(delid: params[:delid]).first
end
def create
@deladdress = Deladdress.create(deladdress_params)
@deladdress.user = current_user
if @deladdress
@order&.update(deladdress: @deladdress)
redirect_to order_path(@order.ordernum), notice: "Address added"
else
render :new
end
end
def update
@deladdress = Deladdress.where(delid: params[:delid]).first
if @deladdress.update(deladdress_params)
@order.update(deladdress: @deladdress)
redirect_to order_path(@order.ordernum), notice: t(".updated")
else
render :edit
end
end
private
def deladdress_params
attributes = [:first_name, :last_name, :address, :apartment, :city, :state, :country, :postcode, :ordernum, :delid]
params.require(:deladdress).permit(*attributes)
end
def find_my_order
@order = find_order
end
end
deladdress.rb
resources :deladdresses, param: :delid
<%= form_with model: deladdress, class: "mt-4" do |f| %>
<%= render "shared/error_messages", resource: f.object %>
.. lots removed for clarity ...
<%= f.hidden_field :country, value: "Australia" %>
<%= f.hidden_field :ordernum, name: :ordernum, value: @order %>
<%= link_to order_path(@order.ordernum) do %>
<button class="btn btn-secondary">Back</button>
<% end %>
<%= f.button "Save", id: 'submit', class: "btn btn-primary" %>
<% end %>
class Deladdress < ApplicationRecord
before_save :add_del_id
belongs_to :user
has_many :orders
def add_del_id
randchars = ("a".."z").to_a.sample(8).join
time = DateTime.now.strftime("%H%M%S")
self.delid = "#{time}-#{randchars.upcase}"
end
end
class DeladdressesController < ApplicationController
before_action :find_my_order
def show
# Collect the delivery address for the order
# Do we want to collect and store these per customer?
end
def new
if current_user
@savedaddresses = Deladdress.where(user: current_user)
end
@deladdress = Deladdress.new
end
def edit
@deladdress = Deladdress.where(delid: params[:delid]).first
end
def create
@deladdress = Deladdress.create(deladdress_params)
@deladdress.user = current_user
if @deladdress
@order&.update(deladdress: @deladdress)
redirect_to order_path(@order.ordernum), notice: "Address added"
else
render :new
end
end
def update
@deladdress = Deladdress.where(delid: params[:delid]).first
if @deladdress.update(deladdress_params)
@order.update(deladdress: @deladdress)
redirect_to order_path(@order.ordernum), notice: t(".updated")
else
render :edit
end
end
private
def deladdress_params
attributes = [:first_name, :last_name, :address, :apartment, :city, :state, :country, :postcode, :ordernum, :delid]
params.require(:deladdress).permit(*attributes)
end
def find_my_order
@order = find_order
end
end
我显然错过了一些东西,但我真的不知道是什么
提前感谢您为完成此工作提供的任何帮助。您可以将表单的url传递给表单帮助者,如下所示:
然后在形式本身中:
<%= form_with model: deladdress, url: url, class: "mt-4" do |f| %>
...
...
如果您的唯一目的是保护记录(“因此不容易猜到记录”),您应该查看授权宝石,如pundit或cancancan。@Clara,这将是我的下一个技巧。陡峭的学习曲线与我正在尝试做的,我正在努力让它工作,然后使它更复杂:)非常好!你想出了一个隐藏身份证的好主意,但是从技术上讲,一个能够猜到新的熟食店的用户仍然可以提交表单并更改另一个人的地址。这就是强大的宝石发挥作用的地方!无论如何,继续努力。谢谢你的回答。我已经试过了,但当我尝试做一个新地址时,它不起作用。它适用于编辑,但不适用于新建。您看到我如何将url部分添加到呈现表单中了吗?您也必须将此项(以及相应的路径)添加到呈现表单以创建新地址的位置:)我相信我已经。。。我已将其添加到new.html.erb和edit.html.erb。编辑可以,但新的不行。我已将url添加到表单中,但它仍在抱怨。这是我尝试执行新操作时收到的消息:No route matches{:action=>“show”,:controller=>“deladdresses”,:delid=>nil},缺少必需的键:[:delid]
是否更改了新路径?应该是:
对不起,这是我的错。当然,它必须是deliaddress\u path
,而不是new\u deliaddress\u path
。我会再更新一次。您可以始终使用temrinal中的rails routes
检查路径帮助器的前缀