[英]Not Showing Public Posts To Logged In Users - Rails
I'm using this application and the only problem I'm having is that when a user is logged in, they can see public posts, even if they didn't create it. 我正在使用此应用程序 ,唯一的问题是,当用户登录时,即使他们没有创建它,他们也可以看到公开的帖子。
Is there a way to have it so it doesn't show up along with other users' posts? 有没有办法让它不会与其他用户的帖子一起显示?
The point of the application is so a user can login and create posts, these are private by default which means only they can see it, if the user makes the post public, I'd like it so a non-logged in or logged in user can view but, which is exactly what I've got but that all the public posts show up with other users' posts. 该应用程序的重点是用户可以登录并创建帖子,默认情况下这些帖子是私人的,这意味着只有他们可以看到它,如果用户将该帖子设为公开,我希望它是未登录或已登录用户可以查看,但是,这正是我所拥有的,但是所有公开帖子都与其他用户的帖子一起显示。
Here is the application controller: 这是应用程序控制器:
class ApplicationController < ActionController::Base
protect_from_forgery
rescue_from ActiveRecord::RecordNotFound, :with => :handle_not_found
def handle_not_found
respond_to do |type|
type.html { redirect_to root_path, :notice => 'Record not found'}
type.all { render :nothing => true, :status => 404 }
end
true
end
end
Here is the post controller: 这是后控制器:
class PostsController < ApplicationController
before_filter :authenticate_user!, :except => [:index, :show]
# GET /posts
# GET /posts.json
def index
@posts = current_user ? Post.public_or_owned_by(current_user) : nil
render :template => current_user ? 'posts/index_logged_in' : 'posts/index_not_logged_in'
end
# GET /posts/1
# GET /posts/1.json
def show
@post = current_user ? Post.public_or_owned_by(current_user).find_by_url_id!(params[:id]) : Post.public.find_by_url_id!(params[:id])
respond_to do |format|
format.html # show.html.erb
format.json { render json: @post }
end
end
# GET /posts/new
# GET /posts/new.json
def new
@post = Post.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @post }
end
end
# GET /posts/1/edit
def edit
@post = current_user.posts.find_by_url_id(params[:id])
end
# POST /posts
# POST /posts.json
def create
@post = current_user.posts.build(params[:post])
respond_to do |format|
if @post.save
format.html { redirect_to @post, notice: 'Post was successfully created.' }
format.json { render json: @post, status: :created, location: @post }
else
format.html { render action: "new" }
format.json { render json: @post.errors, status: :unprocessable_entity }
end
end
end
# PUT /posts/1
# PUT /posts/1.json
def update
@post = current_user.posts.find_by_url_id(params[:id])
respond_to do |format|
if @post.update_attributes(params[:post])
format.html { redirect_to @post, notice: 'Post was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @post.errors, status: :unprocessable_entity }
end
end
end
# DELETE /posts/1
# DELETE /posts/1.json
def destroy
@post = current_user.posts.find_by_url_id(params[:id])
@post.destroy
respond_to do |format|
format.html { redirect_to posts_url }
format.json { head :no_content }
end
end
end
Here is the post model: 这是帖子模型:
class Post < ActiveRecord::Base
belongs_to :user
before_create :generate_url_id
attr_accessible :title, :body, :is_public
scope :public, where(:is_public => true)
def self.public_or_owned_by(user)
t = Post.arel_table
Post.where(t[:user_id].eq(user.id).or(t[:is_public].matches(true)))
end
def generate_url_id
self.url_id = SecureRandom.urlsafe_base64
end
def to_param
self.url_id
end
end
And here is the user model: 这是用户模型:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :token_authenticatable, :confirmable,
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :password, :password_confirmation, :remember_me
# attr_accessible :title, :body
has_many :posts
end
still not sure i understand well what you want, but i would use two different routes : 仍然不确定我是否了解您想要什么,但是我会使用两种不同的路线:
resources :posts # see all public posts from everyone
resources :users do
resources :posts # nested route for a user to only see his own posts
end
so in your controller, you'll have : 因此,在您的控制器中,您将拥有:
def index
if params[:user_id]
if current_user && current_user.id == params[:user_id].to_i
# see all posts for a user, even non-public ones
@posts = Post.where( user_id: params[:user_id] )
else
# see public posts from a user
@posts = Post.public.where( user_id: params[:user_id] )
end
else
# see all public posts
@posts = Post.public
end
end
this is not the best you can do, but it is functionnal. 这不是您可以做的最好的事情,但是它是功能性的。 A better approach would be to use some authorization mechanism like CanCan .
更好的方法是使用诸如CanCan之类的授权机制。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.