在Ruby on Rails中引用当前用户

Question

So I've used the logic in the "authentication from scratch" railscast at http://railscasts.com/episodes/250-authentication-from-scratch and it seems to work and I can stick a "You are logged in as..." message at the top of the page.

But if I want to do something like log who submitted a post I've hit a bit of a wall.

I don't want to submit it through a hidden field in the new post form, because I guess there are security issues with that.

I don't want to use the "belongs to" logic in the rails tutorial at http://ruby.railstutorial.org/ruby-on-rails-tutorial-book because although it would technically work here, I might in the future need to log who created an entry where the "belongs to" relationship doesn't exist.

What I tried to do was create a "before save" function call in my post model that assigns a "created_by" value, but I guess models can't access the current_user that was created as per the authentication railscast.

So now I've got no idea how to do something like this.

EDIT: New to Ruby, new to ERD, all that, but what I mean by the belongs to relationship doesn't exist is if there were, say, a rating system for posts, each rating would belong to a post. But I'd also want to log who submitted each rating.

Answer 1

If I understand well the problem you have is the fact you can't see which user is currently loggen using current_user helper method in your model, you can just set the created_by attribute of the post in the Post controller before to save it, something like:

def create
  @post = Post.new(params[:post])
  @post.created_by = current_user.id
  if @post.save
    redirect_to whereyouwant_url, :notice => "Post successfully created"
  else
    render "new"
  end
end

Answer 2

(alternative to Aldo 'xoen' Giambelluca answer)

I think you should use a belongs_to relationship as explained by loosecannon, but if you really don't want, add the following method in your User class:

def new_post(params)
  post = Post.new(params)
  post.created_by = id 
  post
end

and in your controller:

def create
  @post = current_user.new_post(params[:post])
  if @post.save
    redirect_to @post, notice: 'Post successfully created'
  else
    render 'new'
  end
end

Answer 3

Ok, not sure what complications exist, but here goes:

so addind a belongs_to makes the post have a field called user_id that is a foreign key for the user's id. if you added a created by, this would do the same thing, except you would have to program the updating and derefreneces yourself. I think that this is probably the best way to get this functionality, and you would just have to add it later to the parts that don't have it, but rails makes it easy.

class User < ActiveRecord::Base
  has_many :posts
end

class Post < ActiveRecord::Base
  belongs_to :user, :as => :created_by
end



post.created_by
user.posts

would give you access to that user, and is this is equivalent to using what you talked about, except rails would do its magic and add methods for you.

EDIT: if this doesn't work for you, sorry your question wasn't clear on why you needed certain things, but you can always add belongs to relationship pretty easy, thats what I would recommend.