Ruby on Rails Friday, March 7, 2014

Thanks Dave, been spending days cleaning up my code based on your suggestions and pretty proud of it now. 

I've a dilemma now with CanCan vs Nested Resources in Routes.rb:

In Routes.rb:

  resources :users do
    resources :orders do
      collection do
        get :payment_received
      end
    end    
  end    

In orders_controller.rb:

  def payment_received
    @user = User.find(params[:user_id])
    @orders = Order.where(seller_id: @user.id).order("id ASC")
    render 'payment_received'
  end

In ability.rb:
      can :payment_made, Order, :user_id => user.id

The problem

With the following route:

   payment_received_user_orders      GET     /users/:user_id/orders/payment_received(.:format)        orders#payment_received


Through CanCan, I can't seem to enforce the ":user_id => user.id" whereby the current_user can only see his own payment_received (based on his own user_id) and not someone else's payment_received.


On Wednesday, March 5, 2014 1:10:24 AM UTC+8, Dave Aronson wrote:
On Mon, Mar 3, 2014 at 4:01 PM, Brandon <wong...@gmail.com> wrote:

> This is what my User/Create looks like after rethinking my controller. Does
> it need more work to make it slimmer?

I've seen (and even made) much worse, but this can be slimmed down
fairly easily.  The sign_in and that big if-statement have nothing to
do with what screen to show next, data to show there other than what's
already in some already-used model, or other such things that properly
belong in the controller.  So, they can be extracted and put into the
User model, though you may need to pass in the current_order_id and
current_follow_id.  You'd wind up with something like:

  def create
    user.updating_password = true
    if user.save
      user.process_initial_session(current_order_id, current_follow_id)
      redirect_back_or root_url, :flash => { :success => 'Welcome!' }
    else
      render 'new'
    end
  end

where user.process_initial_session (or whatever you choose to call it;
could be welcome, set_up_stuff, link_to_order_or_followers, whatever,
depending what else you may want to put in it) encapsulates all that
extracted stuff.

-Dave

--
Dave Aronson, the T. Rex of Codosaurus LLC (www.codosaur.us);
FREELANCE SOFTWARE DEVELOPER, AVAILABLE AS OF MARCH 1st 2014;
creator of Pull Request Roulette, at PullRequestRoulette.com.
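
Added example, not part of the thread and not the poster's or CanCan's own code: a plain-Ruby model of the access check the question asks for. In the code as posted, the ability rule names :payment_made and :user_id while the action is payment_received and filters on seller_id, and the action as shown makes no authorization call, so nothing ties params[:user_id] to current_user. The Struct models, the ORDERS rows, the AccessDenied class and the small Ability class are constructed stand-ins; the comments give the CanCan rules they mirror.

```ruby
# Constructed stand-ins for the Rails models and for CanCan's Ability.
User  = Struct.new(:id)
Order = Struct.new(:id, :seller_id)
AccessDenied = Class.new(StandardError)

# Constructed sample rows: orders 1 and 2 belong to seller 10, order 3 to seller 20.
ORDERS = [Order.new(1, 10), Order.new(2, 10), Order.new(3, 20)].freeze

# Mirrors two CanCan rules keyed to the action and columns the controller uses:
#   can :payment_received, User,  :id        => user.id
#   can :payment_received, Order, :seller_id => user.id
class Ability
  def initialize(user)
    @user = user
  end

  def can?(action, subject)
    return false unless action == :payment_received
    case subject
    when User  then subject.id == @user.id
    when Order then subject.seller_id == @user.id
    else false
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "not allowed to #{action}" unless can?(action, subject)
    subject
  end
end

# The action as posted: trusts params[:user_id] and never consults the ability.
def payment_received_unchecked(params)
  ORDERS.select { |o| o.seller_id == params[:user_id] }.sort_by(&:id)
end

# Checked: authorize the parent named in the URL, then filter rows by ability.
def payment_received_checked(current_user, params)
  ability = Ability.new(current_user)
  owner = ability.authorize!(:payment_received, User.new(params[:user_id]))
  ORDERS.select { |o| o.seller_id == owner.id && ability.can?(:payment_received, o) }
        .sort_by(&:id)
end
```

In a CanCan controller the same two steps are `authorize! :payment_received, @user` after loading the parent, and `Order.accessible_by(current_ability, :payment_received)` for the query.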

