Re: [Rails] Newbie code review

Ruby on Rails Sunday, June 28, 2015

On 28 June 2015 at 18:01, Federicko <fedomain@gmail.com> wrote:
> Hi All,
>
> I am learning rails at the moment and have gone through one of the tutorials
> on the rails website for creating a simple blog system.
> I have added some new features to it and it is working great.
> However, I would like to show someone my code and see if it is the right or
> most efficient way of achieve this.
>
> This system is based on the blog system from the Getting Started with Rails
> guide which can be found on
> http://guides.rubyonrails.org/getting_started.html
>
> I simply added a rank up/rank down function to the blog system:
>
> First, in my routes.rb I added:
>
> resources :articles do
> resources :comments
> member do
> get 'rankup'
> get 'rankdown'
> end
> end
>
> Then, in my controller I added two new actions:
>
> def rankup
> @this_article = Article.find(params[:id])
> @new_rank = @this_article.rank.to_i-1
> @prev_article = Article.find_by(rank: @new_rank)
>
> @prev_article.rank = @this_article.rank
> @this_article.rank = @new_rank
>
> @this_article.save
> @prev_article.save
> redirect_to articles_path
> end
>
> def rankdown
> @this_article = Article.find(params[:id])
> @new_rank = @this_article.rank.to_i+1
> @next_article = Article.find_by(rank: @new_rank)
>
> @next_article.rank = @this_article.rank
> @this_article.rank = @new_rank
>
> @this_article.save
> @next_article.save
> redirect_to articles_path
> end


Don't use GET for actions which change the database, always use POST
for such actions. Otherwise imagine the chaos that could be induced
when Google scrapes your site following all the links and accidentally
tries to rankup/down.

In fact Elizabeth (or should that be Ms McGurty?) is correct to
suggest that the actions might be better rolled into the update
action. You can add parameters to the action to indicate what the
action is.

Colin

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CAL%3D0gLuO_ZkNOJD5POS7j3_AAG-Y45JusOEL4%2BFf0a-4LoMzuw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Posted by Ruby on Rails at 2:25 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)