2013-08-01 52 views
0

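So, I want users to be able to post comments. Currently anyone can comment by entering any name in the name field.

How to allow users to comment

But I want to associate comments with users. So the comment form no longer needs the name field, because it will be the user's name.

How can this be done?

I followed Ryan Bates's Railscast, but he never associated comments with users.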

comments_controller.rb

class CommentsController < ApplicationController
  before_action :set_comment, only: [:show, :edit, :update, :destroy]

  def index
    @comments = Comment.where("song_id IS NOT ?", nil)
  end

  def show
  end

  # GET /comments/new
  def new
  end

  # GET /comments/1/edit
  def edit
  end

  # POST /comments
  # POST /comments.json
  def create
    @comment = Comment.new(comment_params)

    respond_to do |format|
      if @comment.save
        format.html { redirect_to song_url(@comment.song_id), notice: 'Comment was successfully created.' }
        format.json { render action: 'show', status: :created, location: @comment }
      else
        format.html { render action: 'new' }
        format.json { render json: @comment.errors, status: :unprocessable_entity }
      end
    end
  end

  # PATCH/PUT /comments/1
  # PATCH/PUT /comments/1.json
  def update
    respond_to do |format|
      if @comment.update(comment_params)
        format.html { redirect_to song_url(@comment.song_id), notice: 'Comment was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: 'edit' }
        format.json { render json: @comment.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /comments/1
  # DELETE /comments/1.json
  def destroy
    @comment.destroy
    redirect_to song_url(@comment.song_id)
  end

  private

  # Use callbacks to share common setup or constraints between actions.
  def set_comment
    @comment = Comment.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def comment_params
    params.require(:comment).permit(:song_id, :author_name, :site_url, :content, :user_id)
  end
end

user.rb

class User < ActiveRecord::Base 
    # Include default devise modules. Others available are: 
    # :token_authenticatable, :confirmable, 
    # :lockable, :timeoutable and :omniauthable 
    devise :database_authenticatable, :registerable, 
     :recoverable, :rememberable, :trackable, :validatable 

    has_many :songs 
    has_many :comments 

    acts_as_voter 

end 

comment.rb

class Comment < ActiveRecord::Base 

    belongs_to :user 
    belongs_to :song 
end 

comments#form.html.erb

<%= form_for @comment do |f| %>
  <% if @comment.errors.any? %>
    <div id="error_explanation">
      <h2><%= pluralize(@comment.errors.count, "error") %> prohibited this comment from being saved:</h2>

      <ul>
        <% @comment.errors.full_messages.each do |msg| %>
          <li><%= msg %></li>
        <% end %>
      </ul>
    </div>
  <% end %>

  <div id="comment_form">
    <div class="field">
      <%= f.hidden_field :song_id %>
      <p>
        <%= f.text_field :author_name, placeholder: "Name" %>
      </p>

      <p>
        <%= f.text_area :content, :rows => '12', :cols => 35, placeholder: "Leave a comment..." %>
      </p>
      <p><%= f.submit "Submit" %></p>
    </div>
  </div>
<% end %>
<br /><br />
+0

http://chat.stackoverflow.com/rooms/34578/http-stackoverflow-com-questions-17984518-how-to-allow-users-to-comment – rmagnum2002

Answers

1

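The Comment table should have a column named user_id if it does not already. Then you can assign user_id in two different ways. These assume you have a current_user method. If you don't, you will have to fill in user_id from whatever session store or method you are using.

You can create a hidden_field in the form to assign it.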

<%= f.hidden_field :user_id, value: current_user.id %>

But as explained by @rmagnum2002, this could be a security issue, since users can edit it.

You can assign it in the create action:

def create
  @comment = Comment.new(comment_params)
  @comment.user_id = current_user.id

  respond_to do |format|
    if @comment.save
      format.html { redirect_to song_url(@comment.song_id), notice: 'Comment was successfully created.' }
      format.json { render action: 'show', status: :created, location: @comment }
    else
      format.html { render action: 'new' }
      format.json { render json: @comment.errors, status: :unprocessable_entity }
    end
  end
end

The create action in the controller is probably the best place to assign this.

+1

Using a hidden field is risky, because this field is editable in the Chrome inspector; it's better to go with the controller check. – rmagnum2002

+0

Nice, thank you @rmagnum2002. – Apane101

+0

@magnum, you are right. I edited my answer to reflect this concern. – jameswilliamiii
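
Added example (not part of the original thread or any poster's code): a plain-Ruby sketch of the two approaches from the answer, showing that an owner id read from a hidden field follows whatever the client submits, while one set from the session does not. `permit`, `create_trusting_form`, `create_from_session` and the sample request are hypothetical stand-ins for Rails strong parameters and `current_user`.

```ruby
# Plain-Ruby stand-ins for the Rails pieces, so this runs without Rails.
# permit() is a hypothetical helper mimicking the strong-parameters allow-list.
Comment = Struct.new(:song_id, :content, :user_id, keyword_init: true)

def permit(params, *allowed)
  params.select { |key, _| allowed.include?(key) }
end

# Hidden-field approach: :user_id is on the allow-list, so the owner comes
# from the request body and is whatever value the client chose to send.
def create_trusting_form(params)
  Comment.new(**permit(params, :song_id, :content, :user_id))
end

# Controller approach: :user_id is NOT on the allow-list, and ownership is set
# from the authenticated session (current_user_id), never from the request.
def create_from_session(params, current_user_id)
  raise ArgumentError, "login required" if current_user_id.nil?

  comment = Comment.new(**permit(params, :song_id, :content))
  comment.user_id = current_user_id
  comment
end

# Constructed request: user 7 is logged in, but the hidden field was edited to 1.
TAMPERED = { song_id: 3, content: "nice song", user_id: 1 }.freeze

if __FILE__ == $PROGRAM_NAME
  puts "form-trusting owner: #{create_trusting_form(TAMPERED).user_id}"
  puts "session-based owner: #{create_from_session(TAMPERED, 7).user_id}"
end
```

In the controller posted in the question, `comment_params` still permits `:user_id` and is also used by `update`, so the allow-list itself should drop `:user_id` rather than relying only on the override in `create`.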