【发布时间】:2019-03-27 17:34:33
【问题描述】:
我正在处理审核申请。在这个应用程序中,用户可以发布他们自己的项目和其他用户对其进行评论。但是当其他用户尝试编辑他们自己的评论时,我遇到了这个错误。只有项目所有者才能编辑项目。但是应该允许撰写评论的用户编辑评论。
这个认证怎么分?
/controllers/projects_controller.rb
class ProjectsController < ApplicationController
before_action :signed_in_user, only: [:new, :create, :edit, :update, :destroy]
before_action :set_project, only: [:show, :edit, :update]
before_action :correct_user, only: [:edit, :update]
def edit
end
def update
@project.attributes = create_params
if @project.save
redirect_to @project
else
render edit_project_path(id: @project.id)
end
end
private
def signed_in_user
unless user_signed_in?
redirect_to root_path
end
end
def set_project
@project = Project.find_by_id(params[:id])
end
def correct_user
unless current_user.projects.include?(@user)
redirect_to root_path
end
end
end
/controllers/reviews_controller.rb
class ReviewsController < ApplicationController
before_action :set_projectct, only: [:new, :create, :edit, :update]
before_action :set_review, only: [:edit, :update, :destroy]
before_action :correct_user, only: [:edit, :update]
def edit
end
def update
@review.attributes = create_params
if @reviews.save
redirect_to prokect_path(id: @review.project_id)
else
redirect_to project_path(id: @review.project_id)
end
end
def set_project
@project = Project.find_by_id(params[:project_id])
end
def set_review
@review = Review.find_by_id(params[:id])
end
def correct_user
unless current_user.review.include?(@review)
redirect_to root_path
end
end
end
routes.rb
resources :projects do
resources :reviews
end
【问题讨论】:
-
您是否尝试在评论控制器上定义一个单独的
correct_user过滤器? -
啊,我试试谢谢。
-
我在评论控制器上定义了
correct_user。我做不到。 -
你不能这样做是什么意思?您可以编辑您的问题以显示您的尝试吗?
-
对不起,我添加了@maxpleaner
标签: ruby-on-rails ruby