【发布时间】:2013-11-19 09:53:30
【问题描述】:
我目前有一个订阅布尔值设置为 False 的用户。
用户创建订阅后如何更改该值?
我在下面写了我的代码....Rails 新手请帮忙 :)
模型
class User < ActiveRecord::Base
attr_accessible :name, :username, :email, :subscribed
has_one :subscription, :dependent => :destroy
end
class Subscription < ActiveRecord::Base
attr_accessible :plan_id, :user_id, :email
belongs_to :plan
belongs_to :user
after_create :subscribed
def subscribed ***This is my current code
if self.user.subscribed == false
self.user.subscribed = true
end
end
def save_with_payment
if valid?
save_with_stripe_payment
end
end
def save_with_stripe_payment
customer = Stripe::Customer.create(card: stripe_card_token, email: email, plan: plan_id, description: "Unlimited Comics")
self.stripe_customer_token = customer.id
save!
rescue Stripe::InvalidRequestError => e
logger.error "Stripe error while creating customer: #{e.message}"
errors.add :base, "There was a problem with your credit card."
false
end
end
控制器
class SubscriptionsController < ApplicationController
def new
plan = Plan.find(params[:plan_id])
@subscription = plan.subscriptions.build
@subscription.user_id = current_user.id
end
def create
@subscription = Subscription.new(params[:subscription])
if @subscription.save_with_payment
redirect_to @subscription, :success => "Thank you for subscribing!"
else
render :new
end
end
end
SHEMA
create_table "users", :force => true do |t|
t.string "name"
t.string "email"
t.boolean "subscribed", :default => false ***change to True
t.string "username"
end
create_table "subscriptions", :force => true do |t|
t.integer "plan_id"
t.integer "user_id"
end
【问题讨论】:
-
我可以看到这里的安全漏洞。恶意用户可以为自己以外的其他人创建订阅。
标签: ruby-on-rails ruby boolean boolean-expression