How to hide a "private" show page from other users?

AnthonyGalli.com

In other words, if a user types in, for example:

http://0.0.0.0:3000/goals/3

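they would be able to see that user's goal, even if the user submitted that goal as "private". I overlooked this because, as it stands, submitting a goal as "private" hides the goal from the user's profile and feed, but not if another user looks the goal up directly via the URL.

How can we fix this?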

Goals_Controller

class GoalsController < ApplicationController
  before_action :set_goal, only: [:show, :edit, :update, :destroy, :like, :user_goals]
  before_action :logged_in_user, only: [:create, :destroy]
  before_action :correct_user, only: [:edit, :update, :destroy]

  def index
    if params[:tag]
      @goals = Goal.tagged_with(params[:tag])
    elsif params[:user_id]
      @accomplished_goals = User.find(params[:user_id]).goals.accomplished.order("deadline")
      @unaccomplished_goals = User.find(params[:user_id]).goals.unaccomplished.order("deadline")
    else
      @accomplished_goals = current_user.goals.accomplished.order("deadline")
      @unaccomplished_goals = current_user.goals.unaccomplished.order("deadline")
    end
  end

  def user_goals
    # where returns a collection; find_by would return only the first match
    @goals = Goal.where(user_id: params[:user_id])
    render :index # or some other view
  end

  def show
    @goal = Goal.find(params[:id])
    @commentable = @goal
    @comments = @commentable.comments
    @comment = Comment.new
    @notable = @goal
    @notes = @notable.notes
    @note = Note.new
    @correct_user = current_user.goals.find_by(id: params[:id])
  end

  def new
    @goal = current_user.goals.build
  end

  def edit
  end

  def create
    @goal = current_user.goals.build(goal_params)
    if (params[:commit] == 'conceal')
      @goal.conceal = true
      @goal.save
      redirect_to @goal, notice: 'Goal was successfully created'
    elsif @goal.save
      track_activity @goal
      redirect_to @goal, notice: 'Goal was successfully created'
    else
      flash.now[:danger] = 'Required Field: "Enter Goal"'
      render 'new'
    end
  end

  def update
    if @goal.update(goal_params)
      redirect_to goals_url, notice: 'Goal was successfully updated'
    else
      render action: 'edit'
    end
  end

  def destroy
    @goal.destroy
    redirect_to goals_url
  end

  def like
    @goal = Goal.find(params[:id])
    @goal_like = current_user.goal_likes.build(goal: @goal)
    if @goal_like.save
      @goal.increment!(:likes)
      flash[:success] = 'Thanks for liking!'
    else
      flash[:error] = 'Too many likes'
    end
    redirect_to(:back)
  end

  private
    def set_goal
      @goal = Goal.find(params[:id])
    end

    def correct_user
      @goal = current_user.goals.find_by(id: params[:id])
      redirect_to root_url, notice: "Not authorized to edit this goal" if @goal.nil?
    end

    def goal_params
      params.require(:goal).permit(:name, :like, :deadline, :accomplished, :tag_list, :comment, :private_submit)
    end
end

Goal.rb

class Goal < ActiveRecord::Base
    scope :publish, ->{ where(:conceal => false) }
    belongs_to :user
    scope :accomplished, -> { where(accomplished: true) }
    scope :unaccomplished, -> { where(accomplished: false) }
end

Username

Is private_submit a boolean field?

If so, here is a quick way to make the show page private if the value of the private_submit field is "true".

class GoalsController < ApplicationController

  # Remove :edit, :update, :destroy, and :user_goals from below, as the action is duplicated
  before_action :set_goal, only: [:show, :like]

  def show
    ## Remove:  @goal = Goal.find(params[:id])
  end

  def like
    # Remove this, as it's already being called in set_goal:
    # @goal = Goal.find(params[:id])
    ...
  end

  ...

  def set_goal
    @goal = Goal.find(params[:id])
    redirect_to(:back) unless @goal.user_id == current_user.id or @goal.private_submit == false
  end

end
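
The same visibility rule as one lookup helper, in plain Ruby so it runs without Rails (an added example, not code from the question or the answer). `GoalStore`, `find_visible`, `visible_goals`, `show_status` and `NotFound` are hypothetical names, and `conceal` is assumed to be the boolean the question's model scopes on; it also covers a logged-out viewer (`current_user` is nil) and treats a hidden goal exactly like a missing one.

```ruby
# Plain-Ruby sketch of the ownership/privacy check (assumed names, no Rails).
Goal = Struct.new(:id, :user_id, :conceal, :name)
User = Struct.new(:id)

class NotFound < StandardError; end

class GoalStore
  def initialize(goals)
    @goals = goals.to_h { |g| [g.id, g] }
  end

  # A goal is visible when it is public or the viewer owns it.
  # viewer may be nil (nobody logged in): only public goals are visible then.
  def visible_to?(goal, viewer)
    return true unless goal.conceal
    !viewer.nil? && goal.user_id == viewer.id
  end

  # Single entry point for every action that loads a goal by id
  # (show, like, comments...). Hidden and missing ids raise the same
  # error, so the response does not reveal that a private goal exists.
  def find_visible(id, viewer)
    goal = @goals[Integer(id, exception: false)]
    raise NotFound, "goal not found" if goal.nil? || !visible_to?(goal, viewer)
    goal
  end

  # Listing counterpart: what a profile or feed may show to this viewer.
  def visible_goals(viewer)
    @goals.values.select { |g| visible_to?(g, viewer) }
  end
end

# Constructed sample data: user 1 owns a public and a private goal.
STORE = GoalStore.new([
  Goal.new(1, 1, false, "Run a marathon"),
  Goal.new(3, 1, true,  "Pay off loan"),
])
OWNER, OTHER = User.new(1), User.new(2)

# Returns :ok or :not_found, mirroring what the controller would render.
def show_status(id, viewer)
  STORE.find_visible(id, viewer)
  :ok
rescue NotFound
  :not_found
end
```

In a Rails controller the equivalent is to load the record through this one check in `set_goal` for every action that takes an `:id`, and to render a 404 on failure.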
