
Ruby on Rails belongs_to many

Here is my situation:

Items:

has_many :games

Users:

has_many :games

Games:

belongs_to :user
belongs_to :item

On my Item page I have a link to create a new game. How can I get the item ID in a secure way? In my database I need to store, for one game, the user_id and the item_id. For now, I'm doing this, which stores only the user_id automatically:

def create
  @game = current_user.games.build(game_params)
  if @game.save
    redirect_to root_url
  else
    render 'pages/home'
  end
end

private

  def game_params
    params.require(:game).permit(:time, :score)
  end

I suppose that adding :item_id to game_params is not the right way and is not secure?!


Here is the scenario I want:

A user comes to an item page and clicks on a button to create a game. When I record the game, I want to be able to store the user_id (this part is OK) and the item_id without any more user interaction. I don't want him to choose "manually"; I want to "force it" (thanks to the item page he comes from).

In a perfect world I would like to:

  • retrieve every game from one user with something like current_user.games

  • retrieve every game from one item with something like item_id.games

In your item page use:

new_form_path(item_id: @item.id)

Instead of:

new_form_path

In your game form:

= form_for @game do |f|
  = f.hidden_field :item_id, value: params[:item_id]

In your game controller:

params.require(:game).permit(:time, :score, :item_id)

There are many ways to do what you want; this is one of them.

I think this is what you are looking for:

<%= button_to "New Game", {controller: 'games', action: 'create'}, params:{item_id: item.id} %>

This will generate HTML like:

<form method="post" action="/games/create" class="button_to">
    <div>
        <input type="hidden" name="item_id" value="YOUR ITEM ID" />
        <input type="submit" value="New Game" /> 
    </div>
</form>

When you click the button, it will pass item_id as a POST request to the controller. Since I have no idea what your actual view looks like, I am not sure where you are getting things like :time and :score.
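An added example, not part of the original question or answers: a plain-Ruby model of a create action that takes the item from the URL of a nested route and looks it up on the server, so the form body can only supply :time and :score. The nested route /items/:item_id/games, the ITEMS sample rows and the helpers permit_game, find_item and create_game are assumptions standing in for the Rails route, Item.find and strong parameters.

```ruby
# Framework-free model of the create action (added example; constructed data).
Item = Struct.new(:id, :name)
Game = Struct.new(:user_id, :item_id, :time, :score)

# Constructed sample rows standing in for the items table.
ITEMS = { 1 => Item.new(1, "Item A"), 2 => Item.new(2, "Item B") }.freeze

class RecordNotFound < StandardError; end

# Stand-in for params.require(:game).permit(*keys): drop every key not listed.
def permit_game(params, *keys)
  game = params.fetch(:game) { raise ArgumentError, "param is missing: game" }
  game.select { |key, _| keys.include?(key) }
end

# Stand-in for Item.find: the id must name an existing row, or the request fails.
def find_item(raw_id)
  ITEMS.fetch(Integer(raw_id.to_s, 10)) { raise RecordNotFound, "no item #{raw_id}" }
rescue ArgumentError
  raise RecordNotFound, "no item #{raw_id.inspect}"
end

# Models POST /items/:item_id/games (hypothetical nested route).
# user_id comes from the session, item_id from a server-side lookup,
# and only :time and :score are accepted from the form body.
def create_game(current_user_id, params)
  item  = find_item(params[:item_id])
  attrs = permit_game(params, :time, :score)
  Game.new(current_user_id, item.id, attrs[:time], attrs[:score])
end
```

The item id in the URL is still chosen by the client, so any rule about which items a user may play belongs in the lookup itself.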
