Tuesday, June 2, 2015
On Wednesday, June 3, 2015 at 6:31:41 AM UTC+1, fizzi wrote:
I made this code but someone told me it was flawedHow would you improve this piece of code in the reviewcontroller (mainly the namereview method)?
Looking just at that method:
- I wouldn't call it namereview - that seems to suggest that it sets a review name but it doesn't. I'd call it update, and make it behave like a normal update method (i.e. it should use params[:review][:description]). You can leave it only updating the description attribute, but at least bring the semantics closer to the 'normal' update action
- 422 is the usual http status for failed validations
- your code seems to let anyone edit any review - not sure if that is appropriate.
Fred
before_action :set_reviews, only: [:show, :edit, :update, :destroy]
def index
@reviews = Review.all
end
def namereview
@review = Review.find(params[:id])
if @review.update_attribute(:description , sanitize(params[:description]))
format.json { render json: { status: 200 } }
else
format.json { render json: { status: 500 } }
end
end
end
Thanks in advance
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/5082e59f-1ce9-44f2-8f7d-506284781d9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment