Ruby on Rails, issue with cart & current_user

I'm following the tutorial from Michael Hartl and created a shopping cart, which I encountered a few issues with.

  1. Each user can create a new shopping cart with a different 'id', but when a different user adds a product to the cart, the added products are added to all carts of different 'id' instead of that particular cart by current_user.

  2. How to restrict a user to only view their own cart, without being able to view other users' carts?

Please guide me to resolve the issues above, much appreciated, with thanks!

user.rb (not the complete code because it would be lengthy; added 'has_one :cart' besides the original code from the Michael Hartl tutorial)

class User < ActiveRecord::Base
attr_accessor :remember_token, :activation_token, :reset_token
before_save :downcase_email
before_create  :create_activation_digest
has_many :orders
has_one :cart

cart.rb

class Cart < ActiveRecord::Base
has_many :line_items, dependent: :destroy
belongs_to :user

def add_product(product_id)
  current_item = line_items.find_by(product_id: product_id)
  if current_item
    current_item.quantity += 1 # quantity of line_item, product in cart
  else
    current_item = line_items.build(product_id: product_id)
  end
  current_item
end


def total_price
    line_items.to_a.sum { |item| item.total_price }
end
end

concerns/Current_Cart.rb

module CurrentCart
extend ActiveSupport::Concern

private
 def set_cart
  @cart = current_user.cart || current_user.create_cart
  session[:cart_id] = @cart.id
 end
end

line_items_controller.rb

class LineItemsController < ApplicationController
include CurrentCart
before_action :set_cart, only: [:create] #before create, execute :set_cart, find(or create) cart
before_action :set_line_item, only: [:show, :edit, :update, :destroy]


def index
  @line_items = LineItem.all
end

def show
end

def new
  @line_item = LineItem.new
end

def edit
end

def create
  product = Product.find(params[:product_id])
  @line_item = @cart.add_product(product.id)
  if @line_item.save
    redirect_to current_user.cart
  else
    render :new
  end
end

def update
  if @line_item.update(line_item_params)
    redirect_to @line_item, notice: 'Line item was successfully updated.' 
  else
    render :edit 
  end
end

def destroy
  @line_item.destroy
  redirect_to line_items_url, notice: 'Line item was successfully destroyed.'
end

private
def set_line_item
  @line_item = LineItem.find(params[:id])
end

def line_item_params
  params.require(:line_item).permit(:product_id)
end
end

carts_controller.rb

class CartsController < ApplicationController
before_action :set_cart, only: [:edit, :update, :destroy]
rescue_from ActiveRecord::RecordNotFound, with: :invalid_cart


def show
  @cart = current_user.cart
end

def edit
end


def update
  if @cart.update(cart_params)
    redirect_to @cart, notice: 'Cart was successfully updated.' 
  else
    render :edit 
  end
end


def destroy
  @cart.destroy if @cart.id == session[:cart_id]
  session[:cart_id] = nil
  redirect_to store_url
end

private
# Use callbacks to share common setup or constraints between actions.
def set_cart
  @cart = Cart.find(params[:id])
end

# Never trust parameters from the scary internet, only allow the white list through.
def cart_params
  params.fetch(:cart, {})
end

def invalid_cart
  logger.error "Attempt to access invalid cart #{params[:id]}"
  redirect_to store_url, notice: 'Invalid cart'
end
end

If I'm logged in as a user with id '1', I created my cart with id '1'. I logged out, signed in again with another account with id '2', created a cart with id '2', but when I access another cart with the link cart/1, I'm still able to see the cart from another user, which is not supposed to happen. Hope you understand.

The reason you can view another individual's cart is due to the controller code.

Whenever you show a cart, first the controller sets the cart using set_cart from within the controller.

def set_cart
  @cart = Cart.find(params[:id])
end

This will fetch whatever cart with a specific ID.

Then show will display any cart that is passed to it.

def show
  @cart = current_user.cart
end

What you should be doing is using current_cart.rb to set the cart and remove the existing set_cart from the controller. Also, make set_cart in current_cart.rb public.

You will also need to change your show route, since it is expecting an :id, and now we're not telling the server which cart to view.

I forget exactly where the book includes CurrentCart, I believe it was in ApplicationController. If so, then before_action :set_cart, only[...] should work just fine with other logic.
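
The difference between loading a cart by the id taken from the URL, as Cart.find(params[:id]) does, and loading it through the logged-in user, shown as an added example that is not part of the original question or answer. It is plain Ruby without Rails; CartStore, find_for, show_unscoped, show_scoped and the sample carts are hypothetical stand-ins constructed for the illustration.

```ruby
# Plain-Ruby stand-in for the Rails pieces on this page (no Rails required).
# CartStore, find_for, show_unscoped and show_scoped are hypothetical names.
class RecordNotFound < StandardError; end

Cart = Struct.new(:id, :user_id, :items)
User = Struct.new(:id)

class CartStore
  def initialize(carts)
    @carts = carts
  end

  # Mirrors Cart.find(params[:id]): any existing id is returned to any caller.
  def find(id)
    @carts.find { |c| c.id == Integer(id) } or raise RecordNotFound, "cart #{id}"
  end

  # Mirrors a lookup that goes through the owner: the owner is part of the
  # query, so another user's cart id behaves exactly like a missing record.
  def find_for(user, id)
    cart = @carts.find { |c| c.id == Integer(id) && c.user_id == user.id }
    cart or raise RecordNotFound, "cart #{id}"
  end
end

# Constructed sample data: user 1 owns cart 1, user 2 owns cart 2.
STORE = CartStore.new([
  Cart.new(1, 1, ["book"]),
  Cart.new(2, 2, ["pen"])
])

# "Before": the id in the URL alone decides which cart is loaded;
# current_user is never consulted.
def show_unscoped(current_user, params)
  STORE.find(params[:id])
end

# "After": the logged-in user constrains the lookup; a foreign id is rejected.
def show_scoped(current_user, params)
  STORE.find_for(current_user, params[:id])
rescue RecordNotFound
  :invalid_cart # same outcome as the page's rescue_from handler
end

if __FILE__ == $PROGRAM_NAME
  user2 = User.new(2)
  p show_unscoped(user2, { id: "1" }).items # user 2 reads user 1's cart
  p show_scoped(user2, { id: "1" })         # rejected
  p show_scoped(user2, { id: "2" }).items   # own cart still loads
end
```
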

Notice: Technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.