大家好,我目前正在 Ruby on Rails 上编写 API,但在更新数据库中的设施时遇到了障碍。
我想要完成的事情:
如果当前登录的用户与企业关联的电子邮件地址具有相同的匹配电子邮件,则允许该用户更新企业信息。
不幸的是,我一直在尝试弄清楚如何验证当前登录的用户是否与存档的机构电子邮件相匹配。任何帮助 ID 表示赞赏。谢谢
这是我的代码:
def update
establishment = Establishment.update(establishment_params)
current_user ||= User.find(session[:user_id]) if session[:user_id]
if !session[:user_id]
render json: {status: 'Information Updated'}, status: :ok
else
render json: {status: 'Not Verified'}, status: :unprocessable_entity
end
end
def establishment_params
params.permit(
:name,
:address,
:city,
:state,
:zipcode,
:phone
)
end
最佳答案
也许试试这样的东西:
def update
if authorized?
establishment.assign_attributes(establishment_params)
if establishment.valid?
establishment.save!
render json: {status: 'Information Updated'}, status: :ok
else
render json: {status: 'Not Updated', errors: establishment.errors.full_messages}, status: :unprocessable_entity
end
else
render json: {status: 'Not Verified'}, status: :unauthorized
end
end
private
def authorized?
# Guessing at how to access email addresses. You'll need to fix to fit
# your actual record structures.
return false unless current_user && current_user.email_address
return false unless establishment && establishment.email_address
current_user.email_address == establishment.email_address
end
def establishment
# memoization for @establishment
@establishment ||= find_establishment
end
def find_establishment
# Will throw an error if Establishment not found. Guessing on
# params[:id]. You'll need to correct to wherever/however you
# pass in the Establishment id.
Establishment.find(params[:id])
end
在创建 API 时,您可能希望以合理的常规方式使用 :unprocessable_entity
和 :unauthorized
。当用户未经授权时返回 :unprocessable_entity
的状态对我来说似乎很不寻常。我建议这就是状态 :unauthorized
的用途。
另外,就我个人而言,比起 before_action
方法,我更喜欢内存方法。过去,我发现(在我自己的项目中)使用 before_action
会导致难以诊断的错误。但话又说回来,我擅长制造难以诊断的错误。因此,请按照您的喜好进行操作。
哦,最后,我使用了 assign_attributes
而不是 update
。 assign_attributes
不进行保存,这使您有机会执行 establishment.valid?
并处理提供的属性无效的情况。在这种情况下,:unprocessable_entity
状态(适本地)连同完整的错误消息一起返回。
如果你愿意,你可以做一些像这样的事情:
def update
authorized ? update : unauthorized
end
private
def authorized?
return false unless current_user && current_user.email_address
return false unless establishment && establishment.email_address
current_user.email_address == establishment.email_address
end
def establishment
@establishment ||= find_establishment
end
def find_establishment
Establishment.find(params[:id])
end
def unauthorized
render json: {status: 'Not Verified'}, status: :unauthorized
end
def update
establishment.assign_attributes(establishment_params)
establishment.valid ? save_and_return : return_errors
end
def save_and_return
establishment.save!
render json: {status: 'Information Updated'}, status: :ok
end
def return_errors
render json: {status: 'Not Updated', errors: establishment.errors.full_messages}, status: :unprocessable_entity
end
就我个人而言,我喜欢很多小方法,每个方法都有非常特定的目的,而不是包含很多内容的大方法。在这个特定的用例中,这有点过分了。
关于mysql - 仅当用户登录匹配电子邮件时,Ruby On Rails API 更新记录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50722750/