Rails modeling for users

Posted 2024-09-01 21:22:20 · 694 words · 5 views · 0 comments

When building a rails app that allows a User to login and create data, is it best to setup a belongs_to :user association on every single model? For example, let's say a user can create Favorites, Colors and Tags.

And let's say Favorites has_many :tags and Colors also has_many :tags. Is it still important for Tags to belong_to :user assuming the User is the only person who has authority to edit those tags?

And a similar question along the same lines: When updating data in FavoritesController, I've come to the conclusion that you perform CRUD operations by always doing something like current_user.favorites.find(param[:id].update_attributes(param[:favorite]) so that they can definitely only update models that belong to them. Right?

Update: Wasn't too happy with any of the answers, as no one really answered my question but instead went after the for-example-only Tags model suggesting better ways to do that. I'm assuming I was right, and models should belong_to :user. I also discovered some great security tips that address my questions here: http://asciicasts.com/episodes/178-seven-security-tips

Comments (4)

萌梦深 2024-09-08 21:22:20

As you describe the tags it seems that they are more of an aspect, so you can implement them as a polymorphic association. But you should do it many-to-many, as tags can be reused among users and taggable objects. Let's call the join model Tagging, which will be the one that belongs to user if you want to remember who created the tagging.

class Tag < ActiveRecord::Base
  has_many :taggings, :dependent => :destroy
  has_many :colors, :through => :taggings, :source => :taggable, :source_type => "Color"
  has_many :favorites, :through => :taggings, :source => :taggable, :source_type => "Favorite"
end

class Tagging < ActiveRecord::Base
  belongs_to :user
  belongs_to :taggable, :polymorphic => true
  belongs_to :tag  
end

class Color < ActiveRecord::Base
  belongs_to :user
  has_many :taggings, :as => :taggable
  has_many :tags, :through => :taggings
end

class Favorite < ActiveRecord::Base
  belongs_to :user
  has_many :taggings, :as => :taggable
  has_many :tags, :through => :taggings
end

class User < ActiveRecord::Base
  has_many :favorites
  has_many :colors
  has_many :taggings
  has_many :tags, :through => :taggings
end

As for the Favorite updating, I agree with you: you will mostly work within the scope of a user (most likely the currently logged in user).

小巷里的女流氓 2024-09-08 21:22:20

It depends on your model. Both cases are valid but I'd discourage making circular relationships like that. Having a hierarchy is more flexible. For example: User->Favorites->Tags (unless you want to tag users as well)

User.favorites.find(params[:id]).update_attributes(params[:favorite])

is what you mean I guess (syntax). Whoever calls the URL will perform that action. Don't rely on the fact that that URL is visible to one user only (owner of the favorite). You should have checks in place that the currently logged in user is the only one performing actions on the objects that belong to him.
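The ownership check this answer asks for, as an added example that is not part of the original post: plain Ruby with constructed in-memory stand-ins for the page's models (FavoriteStore, find_for, update_for and PERMITTED are hypothetical names, not Rails API). It contrasts an unscoped lookup with the owner-scoped lookup that current_user.favorites.find performs, and copies only permitted attributes so that a submitted user_id cannot reassign ownership.

```ruby
# Constructed, in-memory stand-ins for the page's User/Favorite models
# (plain Ruby, not ActiveRecord) so the ownership check runs offline.
class RecordNotFound < StandardError; end

Favorite = Struct.new(:id, :user_id, :name)

class FavoriteStore
  PERMITTED = [:name].freeze # user_id is never client-assignable

  def initialize(rows)
    @rows = rows
  end

  # Unscoped lookup, like Favorite.find(params[:id]): any id resolves.
  def find(id)
    @rows.find { |f| f.id == id } or raise RecordNotFound, "id=#{id}"
  end

  # Owner-scoped lookup, like current_user.favorites.find(params[:id]):
  # a row owned by someone else looks exactly like a missing row.
  def find_for(user_id, id)
    @rows.find { |f| f.id == id && f.user_id == user_id } or
      raise RecordNotFound, "id=#{id}"
  end

  # Update through the owner scope, copying only permitted attributes.
  def update_for(user_id, id, attrs)
    fav = find_for(user_id, id)
    attrs.each { |k, v| fav[k] = v if PERMITTED.include?(k.to_sym) }
    fav
  end
end

def demo
  store = FavoriteStore.new([Favorite.new(1, 10, "alice's"),
                             Favorite.new(2, 20, "bob's")])
  results = {}
  # Sample requests are constructed: user 10 is logged in, row 2 is user 20's.
  results[:unscoped] = store.find(2).name # unscoped find returns the other user's row
  results[:scoped] = begin
    store.update_for(10, 2, name: "hijacked")
  rescue RecordNotFound
    :not_found
  end
  own = store.update_for(10, 1, "name" => "renamed", "user_id" => 20)
  results[:own] = [own.name, own.user_id] # user_id in the payload is ignored
  results[:bob] = store.find(2).name
  results
end
```
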

⊕婉儿 2024-09-08 21:22:20

The proposed mechanism sounds a bit too complex for me. I prefer the current_user way. Assume there is a current_user (following the authlogic way) in your authentication system, then simply add a user references (user_id) in every relevant table. Update the current_user for new or update record via a controller filter.

In the models, put relevant belongs_to :users accordingly, put enough has_many in users model if needed.

扛刀软妹 2024-09-08 21:22:20

:has_many and :belongs_to in AR will explain the relationship between models, but you do not necessarily have to use them in your models; the association between them will already be present in the tables as a foreign key.

But adding :has_many or :belongs_to to your models will give you extra methods to your model

ex:


class User < ActiveRecord::Base
  has_many :favorites

  # def favorites
  #   Favorite.find_all_by_user_id(self.id)
  # end
end

If you mention has_many it will give a new method in your model called favorites, that method will be invisible (will be present in the AR).

Similarly for any association, if you are planning to use this kind of methods you should use associations in your models.
