为用户进行 Rails 建模
在构建允许用户登录和创建数据的 Rails 应用程序时,是否最好在每个模型上设置一个 belongs_to :user
关联?例如,假设用户可以创建收藏夹、颜色和标签。
假设收藏夹 has_many :tags
和颜色也是 has_many :tags
。假设用户是唯一有权编辑这些标签的人,那么标签belong_to :user
仍然很重要吗?
还有一个类似的问题:当更新 FavoritesController
中的数据时,我得出的结论是,您通过始终执行类似 current_user.favorites.find(param[ :id].update_attributes(param[:favorite])
这样他们肯定只能更新属于他们的模型,对吧?
更新 对任何答案都不太满意,因为没有人真正回答我的问题,而是遵循仅作为示例的标签模型,建议更好的方法来做到这一点,并且模型应该属于:用户我还发现了一些很好的安全提示。我的问题在这里: http://asciicasts.com/episodes/178-seven-security-提示
When building a rails app that allows a User to login and create data, is it best to setup a belongs_to :user
association on every single model? For example, let's say a user can create Favorites, Colors and Tags.
And let's say Favorites has_many :tags
and Colors also has_many :tags
. Is it still important for Tags to belong_to :user
assuming the User is the only person who has authority to edit those tags?
And a similar question along the same lines: When updating data in FavoritesController
, I've come to the conclusion that you perform CRUD operations by always doing something like current_user.favorites.find(param[:id].update_attributes(param[:favorite])
so that they can definitely only update models that belong to them. Right?
Update Wasn't too happy with any of the answers, as no one really answered my question but instead went after the for-example-only Tags model suggesting better ways to do that. I'm assuming I was right, and models should belong_to :user. I also discovered some great security tips that address my questions here: http://asciicasts.com/episodes/178-seven-security-tips
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
当您描述标签时,它们似乎更像是一个方面,因此您可以将它们实现为多态关联。但您应该进行多对多操作,因为标签可以在用户和可标记对象之间重复使用。我们将连接模型称为
Tagging
,如果您想记住谁创建了标记,则该模型将属于用户。至于收藏夹更新,我同意你的观点:你将主要在用户范围内工作(很可能是当前登录的用户)。
As you describe the tags it seems that they are more of an aspect, so you can implement them as a polymorphic association. But you should do it many-to-many, as tags can be reused among users and taggable objects. Let's call the join model
Tagging
, which will be the one that belongs to user if you want to remember who created the tagging.As for the Favorite updating, I agree with you: you will mostly work within the scope of a user (most likely the currently logged in user).
这取决于您的型号。这两种情况都是有效的,但我不赞成建立这样的循环关系。拥有层次结构更加灵活。例如:用户->收藏夹->标签(除非您也想标记用户)
我猜您的意思是(语法)。调用该 URL 的人将执行该操作。不要相信该 URL 仅对一个用户(收藏夹的所有者)可见。您应该检查当前登录的用户是唯一对属于他的对象执行操作的用户。
It depends on your model. Both cases are valid but I'd discorage making a circular relationships like that. Having a hierarchy is more flexible. For example: User->Favorites->Tags (unless you want to tag users as well)
is what you mean I guess (syntax). Whoever calls the URL will perform that action. Dont rely on the fact that that URL is visible to one user only (owner of the favorite). You should have checks in place that the currently logged in user is the only one performing actions on the objects that belong to him.
所提出的机制对我来说听起来有点太复杂了。我更喜欢
current_user
方式。假设您的身份验证系统中有一个current_user
(遵循authlogic方式),然后简单地在每个相关表中添加一个用户references
(user_id)。通过控制器过滤器
更新新记录或更新记录的current_user
。在模型中,相应地放置相关的
belongs_to :users
,如果需要,在用户模型中放置足够的has_many
。The proposed mechanism sounds a bit too complex for me. I prefer the
current_user
way. Assume there is acurrent_user
(following the authlogic way) in your authentication system, then simple add a userreferences
(user_id) in every relevant table. Update thecurrent_user
for new or update record via a controllerfilter
.In the models, put relevant
belongs_to :users
accordingly, put enoughhas_many
in users model if needed.AR 中的 :has_many 和 :belongs_to 将解释模型之间的关系,但不一定必须在模型中使用它们,它们之间的关联已经作为外键存在于表中。
但是添加 :has_many 或 :belongs_to 到你的模型将为你的模型提供额外的方法
:
如果你提到 has_many ,它会在你的模型中提供一个名为 favorites 的新方法,该方法将是不可见的(将出现在 AR 中)。
同样,对于任何关联,如果您计划使用这种方法,则应该在模型中使用关联。
:has_many and :belongs_to in AR will explains the relationship between models, but not necessarily you have to use them in your models, the associaton between them will be already present in the tables as a foreign key.
But adding :has_many or :belongs_to to your models will give you extra methods to your model
ex:
If you mention has_many it will give a new method in your model called favorites, that method will be invisible (will be present in the AR).
Similarly for any association, if you are planning to use this kind of methods you should use associations in your models.