Ruby on Rails, issue with cart & current_user
I'm following the tutorial from Michael Hartl and created a shopping cart, which I encountered a few issues with.
Each user can create a new shopping cart with a different 'id', but when a different user adds a product to the cart, the added product is added to all carts of different 'id' instead of that particular cart of the current_user.
How to restrict a user to only view their own cart, without being able to view other users' carts?
Please guide me to resolve the issues above, much appreciated, with thanks!
user.rb (not the complete code because it would be lengthy; added the 'has_one :cart' besides the original code from the Michael Hartl tutorial)

    class User < ActiveRecord::Base
      attr_accessor :remember_token, :activation_token, :reset_token
      before_save :downcase_email
      before_create :create_activation_digest
      has_many :orders
      has_one :cart
      # ... (rest of the tutorial's User model omitted)
    end

cart.rb

    class Cart < ActiveRecord::Base
      has_many :line_items, dependent: :destroy
      belongs_to :user

      def add_product(product_id)
        current_item = line_items.find_by(product_id: product_id)
        if current_item
          current_item.quantity += 1 # quantity of line_item, product in cart
        else
          current_item = line_items.build(product_id: product_id)
        end
        current_item
      end

      def total_price
        line_items.to_a.sum { |item| item.total_price }
      end
    end

concerns/Current_Cart.rb

    module CurrentCart
      extend ActiveSupport::Concern

      private

      def set_cart
        @cart = current_user.cart || current_user.create_cart
        session[:cart_id] = @cart.id
      end
    end

line_items_controller.rb

    class LineItemsController < ApplicationController
      include CurrentCart
      before_action :set_cart, only: [:create] # before create, run :set_cart to find (or create) the cart
      before_action :set_line_item, only: [:show, :edit, :update, :destroy]

      def index
        @line_items = LineItem.all
      end

      def show
      end

      def new
        @line_item = LineItem.new
      end

      def edit
      end

      def create
        product = Product.find(params[:product_id])
        @line_item = @cart.add_product(product.id)
        if @line_item.save
          redirect_to current_user.cart
        else
          render :new
        end
      end

      def update
        if @line_item.update(line_item_params)
          redirect_to @line_item, notice: 'Line item was successfully updated.'
        else
          render :edit
        end
      end

      def destroy
        @line_item.destroy
        redirect_to line_items_url, notice: 'Line item was successfully destroyed.'
      end

      private

      def set_line_item
        @line_item = LineItem.find(params[:id])
      end

      def line_item_params
        params.require(:line_item).permit(:product_id)
      end
    end

carts_controller.rb

    class CartsController < ApplicationController
      before_action :set_cart, only: [:edit, :update, :destroy]
      rescue_from ActiveRecord::RecordNotFound, with: :invalid_cart

      def show
        @cart = current_user.cart
      end

      def edit
      end

      def update
        if @cart.update(cart_params)
          redirect_to @cart, notice: 'Cart was successfully updated.'
        else
          render :edit
        end
      end

      def destroy
        @cart.destroy if @cart.id == session[:cart_id]
        session[:cart_id] = nil
        redirect_to store_url
      end

      private

      # Use callbacks to share common setup or constraints between actions.
      def set_cart
        @cart = Cart.find(params[:id])
      end

      # Never trust parameters from the scary internet, only allow the white list through.
      def cart_params
        params.fetch(:cart, {})
      end

      def invalid_cart
        logger.error "Attempt to access invalid cart #{params[:id]}"
        redirect_to store_url, notice: 'Invalid cart'
      end
    end

If I'm logged in as a user with id '1', I created my cart with id '1'. I logged out, signed in again with another account with id '2', created a cart with id '2', but when I access another cart with link cart/1, I'm still able to see the cart from another user, which is not supposed to happen. Hope you understand
The reason you can view another individual's cart is due to the controller code.
Whenever you show a cart, first the controller sets the cart using set_cart from within the controller.

    def set_cart
      @cart = Cart.find(params[:id])
    end

This will fetch whatever cart with a specific ID.
Then show will display any cart that is passed to it.

    def show
      @cart = current_user.cart
    end

What you should be doing is using current_cart.rb to set the cart and remove the existing set_cart from the controller. Also, make set_cart in current_cart.rb public.
You will also need to change your show route, since it is expecting an :id, and now we're not telling the server which cart to view.
I forget exactly where the book includes CurrentCart, I believe it was in ApplicationController. If so, then before_action :set_cart, only[...] should work just fine with other logic.
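
The owner-scoped lookup discussed in the answer above, as an added example that is not part of the original post: a plain-Ruby stand-in for the Rails models (the sample data and the helper names find_cart_unscoped, find_cart_for, find_line_item_for and try_lookup are constructed for illustration) comparing a lookup by URL id with a lookup through current_user. It goes one step beyond the answer by applying the same scoping to line items, which the question's LineItemsController also fetches by bare id.

```ruby
# Plain-Ruby stand-ins for the Rails models (constructed; no Rails required).
class RecordNotFound < StandardError; end

User     = Struct.new(:id)
Cart     = Struct.new(:id, :user_id)
LineItem = Struct.new(:id, :cart_id, :product_id)

# Constructed sample data: user 1 owns cart 1, user 2 owns cart 2.
CARTS      = [Cart.new(1, 1), Cart.new(2, 2)].freeze
LINE_ITEMS = [LineItem.new(10, 1, 500), LineItem.new(11, 2, 501)].freeze

# Mirrors `Cart.find(params[:id])`: the id comes from the URL, so any
# logged-in user can name any cart.
def find_cart_unscoped(params)
  CARTS.find { |c| c.id == params[:id].to_i } || raise(RecordNotFound)
end

# Mirrors `current_user.cart`: the id in the URL is never consulted.
def find_cart_for(current_user)
  CARTS.find { |c| c.user_id == current_user.id } || raise(RecordNotFound)
end

# Mirrors `current_user.cart.line_items.find(params[:id])`: a line item is
# reachable only through the owner's cart, so a foreign id behaves exactly
# like a missing one.
def find_line_item_for(current_user, params)
  cart = find_cart_for(current_user)
  LINE_ITEMS.find { |li| li.cart_id == cart.id && li.id == params[:id].to_i } ||
    raise(RecordNotFound)
end

# Converts the exception to :not_found, in the spirit of
# `rescue_from ActiveRecord::RecordNotFound, with: :invalid_cart`.
def try_lookup
  yield
rescue RecordNotFound
  :not_found
end

if __FILE__ == $PROGRAM_NAME
  user2 = User.new(2)
  p try_lookup { find_cart_unscoped(id: "1") }         # user 1's cart is returned to user 2
  p try_lookup { find_cart_for(user2) }                # user 2's own cart
  p try_lookup { find_line_item_for(user2, id: "10") } # :not_found
end
```

In a Rails controller the same idea means every record is loaded through an association that starts at current_user, never through a class-level find on an id taken from the request.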