I have two models: Image and Lightbox. To relate the two models (has_many) I have a third model LightboxImages.
One Lightbox can have several Images and a Image can be in various Lightboxes.
A Lightbox is created dynamically (with remote js) and the user can add Images to this Lightbox dynamically too.
My first idea was to simply create a url to the create method of the LightboxImages Controller passing the Lightbox Id and Image Id as parameter.
However, this approach seemed fragile and insecure, since a user could easily simulate such behavior.
What is the best design for this situation, create relationship records dynamically?
You actually have a fourth model -- User. I'm assuming you do anyway.
User has_many :lightboxes
Lightbox has_many :lightbox_items
Image has_many :lightbox_items
LightboxItem belongs_to :lightbox
LightboxItem belongs_to :image
Lightbox has_many :images, :through => :lightbox_item
Image has_many :lightboxes, :through => :lightbox_item
LightboxItem is where you might want to store additional data like the position of the image in that specific Lightbox.
The key thing is that every Lightbox belongs to a User. With this you can then scope all of the AR calls in your controller to the current user -- thus preventing them from modifying other light boxes.
So, user carlos has lightbox id 1. User phallstrom has lightbox id 2.
In your controller, you somehow set current_user to the current user in a before filter. Then, for example in the action to get the specified light box you would do something like this:
#lightbox = current_user.lightboxes.find_by_id(params[:id].to_i)
In doing it this way if current_user is carlos, and params[:id] is 2, nothing will be returned.
Similarly, for all the other CRUD actions you'd scope it to current_user as well.
Related
I'm seeking brainstorming input for a Rails design issue I've run across.
I have simple Book reviews feature. There's a Book class, a User class, and a UserBook class (a.k.a., reviews and ratings).
class User < ActiveRecord::Base
has_many :user_books
end
# (book_id, user_id, review data...)
class UserBook < ActiveRecord::Base
belongs_to :user
belongs_to :book
end
In the corresponding book controller for the "show" book action, I need to load the book data along with the set of book reviews. I also need to find out whether the current user (if there is one) has contributed to those reviews.
I'm currently running two queries, Book.where(...) and UserBook.where(...), and placing the results into two separate objects passed on to the view. Now, while I could run a third query to find whether the user is among those reviews (on UserBook), I'd prefer to pull that from the #reviews result set. But do I do that in the controller, or in the view?
Also worth noting is that in the view I have to draw Add vs Update review buttons accordingly, with their corresponding ajax URLs. So I'd prefer to know it before I start looping through a result set.
If I detect this in the controller though, I'll need three instance variables passed in, which I understand is considered distasteful in Rails land. Not sure how to avoid this.
Suggestions appreciated.
This smells like a case for has_many through, which is designed for cases where you want to access the data of a third table through an intermediate table (in this case, UserBook)
Great explanation of has_many :through here
Might look something like this:
class User < ActiveRecord::Base
has_many :user_books
has_many :users, through: :books
end
Then you can simply call
#user = User.find(x)
#user.user_books` # (perhaps aliased as `User.find(x).reviews`)
and
#user.books
to get a list of all books associated with the User.
This way, you can gain access to all of the information you need for a particular user with a single #user instance variable.
PS - You'll want to take a look at the concept of Eager loading, which will prevent you from making extraneous database calls while fetching all of this information.
class Company < ActiveRecord::Base
has_many :users
end
The user hits on Company->Users href link and assuming it shows 3 users for a certain company.
I would want to set user.age (an integer) for all the users and press save. How do I do this in my controller / view code?
We usually have an Edit link against each User to modify its details, but I would like to set age information for all users.
Use a form_tag to submit to an arbitrary controller action set up specifically for editing multiple users (not one of your user scaffold methods). Then, add one fields_for tag per user inside of the form you created, each with a field for the age attribute. When submitted, you can simply iterate over the user params in the controller to manipulate your users.
I'm very new to web-development (I feel like all my posts lately have started that way) and becoming, with time, less new to rails. I'm at a point where I can do a sizeable amount of the things required for my job but there's one nagging problem I keep running into:
How do I decide if which action I should use for a given task? index, show, new, edit, create, update or destroy?
destroy is pretty obvious and I can loosely divide the rest into two buckets with index/show in one and new/edit/create in the other. But how do I decide which one to use or if I should build one of my own?
Some general guidelines or links to further reading would be very beneficial for me.
Here is how I think of these 7 RESTful Controller actions. Take, for example, a Person resource. The corresponding PeopleController would contain the following actions:
index: List a set of people (maybe with some optional conditions).
show: Load a single, previously created Person with the intention of viewing. The corresponding View is usually "read-only."
new: Setup or build an new instance of a Person. It hasn't been saved yet, just setup. The corresponding View is usually some type of form where the user can enter attribute values for this new Person. When this form is submitted, Rails sends it to the "create" action.
create: Save the Person that was setup using the "new" action.
edit: Retrieve a previously created Person with the intention of changing its attributes. The changes have not been made or submitted yet. The corresponding View is usually a form that Rails will submit to the "update" action.
update: Save the changes made when editing a previously created Person.
destroy: Well, as you guessed, destroy or delete a previously created Person.
Of course there is some debate as to whether these 7 actions are sufficient for all controllers, but in my experience they tend to do the job with few exceptions. Adding other actions is usually a sign of needing an additional type of resource.
For example, say you have an HR application full of Person resources you are just dying to hire. In order to accomplish this, you may be tempted to create a "hire" action (i.e., /people/456/hire). However, a more RESTful approach would instead consider this the "creation" of an Employment resource. Something like the following:
class Person < ActiveRecord::Base
has_many :employments
has_many :employers, :class_name => 'Company', :through => :employments, :source => :company
end
class Employement < ActiveRecord::Base
belongs_to :person
belongs_to :company
end
class Company < ActiveRecord::Base
has_many :employments
has_many :employees, :class_name => 'Person', :through => :employments, :source => :person
end
The EmploymentsController's create action would then be used.
Okay, this is getting long. Don't be afraid to setup a lot of different resources (and you probably won't use all 7 Controller actions for each of these). It pays off in the long run and helps you stick to these 7 basic RESTful actions.
You can name your actions whatever you want. Generally, by Rails convention, index is the default one, show shows one item, list shows many, new and edit start editing a new or old item, and create and update will save them, respectively. destroy will kill an item, as you guessed. But all these are just conventions: you can name your action yellowtail if that's what you want to do.
You have a set of related models created through a scaffold e.g. a house, which has many rooms, which each have many windows, which each has a selection of locks.
These resources are already full of data i.e. someone has entered all the information, such as: a room called 'kitchen' has various windows associated with it and these windows each have five different locks associated with them.
Someone comes along and says:
Can you create a form that lets someone create a new project where they can select the different rooms, windows and then specify the locks that they would like for that project? (these are already in the system, nothing new to add, just the associations to a new project)
This sounds like a nested form but I have wasted a lot of time trying to solve this - there are many levels of nesting, which make this tricky. Any suggestions?
session based solution
With such deeply nested models select box on the front end wouldn't be enough...
Assuming this, you may want to create a current_house who's id live in a session (just like current_user works).
Once you have your current_house add different items by navigating to your list of items view and clicking on the add_to link :
# house_controller.rb
def add_to
current_house.polymorphic_items << Kitchen.find(params[:id])
redirect_to :back
end
But there are many approaches to this session based solution which sort of implements a cart/order system. You may want to add a current_item to add stuff in each leaf of your tree aka room of your house.
E.G after clicking on the kitchen you just added :
before_filter :set_current_item
def add_to
current_item.windows << Window.find(id)
end
current_item beeing polymorphic : a living room, a bathroom etc.
But how you implement that precisely depends on your Domain Model....
As a rule of thumb regarding nested forms I'd follow rails guidance for routes : don't go deeper than one level or you'll end up in a mess.
Yes this is a nested form. Railscasts nested forms is a great place to start.
If everything is already in the system you probably just want select boxes so they can select what they want. Also check out the .build method. If you have multiple levels of nesting you can also manually set the association by passing in the foreign key yourself.
I think you can model this with a single level of nested attributes, given the models below (based on Windows/Locks pre-existing and a room just needing to mix and match them into a set of windows with given locks):
class House < ActiveRecord::Base
has_many :rooms
end
class Room < ActiveRecord::Base
belongs_to :house
has_many :window_configs
end
class WindowConfig < ActiveRecord::Base
belongs_to :room
belongs_to :window
belongs_to :lock
end
class Lock < ActiveRecord::Base
has_many :window_configs
end
class Window < ActiveRecord::Base
has_many :window_configs
end
... based on that model setup, you could have a single house form that you dynamically add child 'room' definitions to that each have a name and a collection of window_configs which have two select boxes for each one (choose a window definition and then a lock definition). Because you're dynamically adding multiple rooms with multiple windows, you'd need some JS to populate new form elements, but it could all live in a single nested form.
form_for :house do |form|
# Dynamically add a Room form for each room you want with js
form.fields_for :room do |room_attributes|
room_attributes.text_field :name
# Dynamically add window_config forms on Room w/ JS
room_attributes.fields_for :window_config do |window_attributes|
window_attributes.select :window_id, Window.all
window_attributes.select :lock_id, Lock.all
I'm developing a website with Ruby on Rails.
I want to find the better way to let users (not developers) to edit text on some pages (like the index...). (like a CMS ?)
Actually they had to get the page through FTP, to edit the text and to put the new file on the server (through FTP).
It's a very very bad practice and I wanted to know if someone has an idea to solve this problem ?
Many thanks
It would be the same as the basic Rails CRUD operations. Just make a model/controller representing page content, and an edit view for the controller. Then on the pages you want text to be editable, instead of having the content directly on the page just use a view partial.
Of course, you would probably also want to implement some type of authentication to make sure not just everyone can edit pages.
Well, one thing you could do is add a model to your database called "Content" or "Copy" which represents some text on a page. Then you could use polymorphic association to link the content/copy to your actual model. For instance, if you had a page with a list of products on it, you'd likely have a Product model in your database. You could do something like this:
class Content < ActiveRecord::Base
belongs_to :contentable, :polymorphic => true # excuse my lame naming here
# this model would need two fields to make it polymorphic:
# contentable_id <-- Integer representing the record that owns it
# contentable_type <-- String representing the kind of model (Class) that owns it
# An example would look like:
# contentable_id: 4 <--- Product ID 4 in your products table
# contentable_type: Product <--- Tells the rails app which model owns this record
# You'd also want a text field in this model where you store the page text that your
# users enter.
end
class Product < ActiveRecord::Base
has_many :contents, :as => :contentable # again forgive my naming
end
In this scenario, when the product page renders, you could call #product.contents to retrieve all the text users have entered for this product. If you don't want to use two separate models like this, you could put a text field directly on the Product model itself and have users enter text there.