防止用户在 Rails 中多次投票
我在博客模型中设置了一个简单的评级系统。我使用自定义方法来提高评分,该评分是博客数据库中的整数。
def increase
@post = Post.find(params[:id]).increment!(:rating)
if logged_in?
current_user.increment!(:votes)
end
flash[:notice] = "Thanks for rating"
redirect_to posts_url
end
现在,我可以随心所欲地投票,这当然会带来灾难。用户可以多次投票并推动投票数大幅上升。
如何使投票提交按钮在提交一次后消失。我想过制作一个单独的评级模型并使用自定义令牌,但对于一个简单的应用程序来说似乎不必要地复杂。
有什么帮助吗?
森蒂尔
I've a simple rating system setup in a blog model. I use a custom method to increase rating, which is integer in blog db.
def increase
@post = Post.find(params[:id]).increment!(:rating)
if logged_in?
current_user.increment!(:votes)
end
flash[:notice] = "Thanks for rating"
redirect_to posts_url
end
Right now, I can vote as many times as I want, which is of course a recipe for disaster. Users can vote multiple times and drive the count way way up.
How do I make it so that the vote submit button go away after submitting it once. I thought of making a separate model for rating and use a custom token, but seems needlessly complicated for a simple app.
Any help?
Senthil
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
实现此目的的一种方法是拥有 Post 模型和 RatedPost 模型。这
RatedPost 模型可能包含类似信息
递增:布尔值、递减:布尔值、changed_by:整数(user_id)、post_id:整数。然后,您可以确定
RatedPost.find_by_post_id_and_changed_by(post.id, user.id)是否返回任何记录。您还可以确定点是增加还是减少。因此,您可以允许用户在一段时间内(例如 24 小时)更改他的投票。
One way of doing this would be to have your Post model and a RatedPost model. The
RatedPost model could contain info like
incremented:boolean,decremented:boolean,changed_by:integer (user_id),post_id:integer.You can then identify if
RatedPost.find_by_post_id_and_changed_by(post.id, user.id)returns any records.You can also identify if the points were incremented or decremented. Thus you can allow a user to change his vote for a certain period of time (say 24 hours).
您要么需要保留一个包含对特定主题/帖子投票的用户的列表,要么需要保留一个附加到每个用户的列表,其中包含用户投票的帖子。是否将信息与帖子或用户一起存储是您的选择,并且可能取决于您的应用程序要求。
当显示包含投票按钮的页面时,您必须检查
current_user是否已经投票。如果已经投票,则不显示该按钮。出于安全原因,您可能还想检查用户是否在上面显示的代码中投票,以防止在不使用按钮的情况下投票。如果您还允许未登录的人投票,则需要存储他们的 IP 地址或其他内容。
You either need to keep a list with users who votes on a particular subject/post or you need to keep a list attached to each user containing the posts the user voted on. Whether you store the information along with the posts or users is your choice and probably depends on your application requirements.
When displaying the page containing the vote button, you have to check whether the
current_useralready voted or not. And do not show the button if a vote was cast already. For safety reasons you might want to also check whether an user voted in the code you showed above, in order to prevent voting without using the button.If you also allow people who are not logged in to vote, you'd need to store their IP address or something.