Reputation: 523
How can I invoke the create method of an object with another object's id?
I am trying to build a gallery with commenting function. Consider there are 3 classes: Album, Photo, Comment. The relation of these objects are Album has many Photos, Photo has many Comments.
Each Comment is left by registered user, thus in the comment object there are comment_text, user_id, and photo_id (Referring to the photo which the comment belongs).
I am trying to create a comment form under each photo's "show" view. Here is some of the Controller and the Show view:
controllers/photos_controller.rb
class PhotosController < ApplicationController
...
def show
@photo = Photo.find(params[:id])
@new_comment = @photo.comments.build if user_signed_in?
@comment_items = @photo.comments.paginate(page: params[:page])
end
...
end
views/photos/show.html.erb
...
<%= form_for @new_comment, html: {method: :post} do |c| %>
<div class="row">
<div class="span">
<%= image_tag current_user.avatar.url(:thumb) %>
</div>
<div class="span">
<p><%= c.label "Enter your comment here:" %></p>
<p><%= c.text_area :comment_text %></p>
<p><%= c.submit "Submit Comment", class: "btn btn-tiny" %></p>
</div>
</div>
<% end %>
So the problem is when I am writing the CommentsController, I do not know how to pass the photo's id (photo_id) from the previous "show" page to the create method. Is it only possible if a pass it thru via a hidden field in the form? Are there any more elegant way in Rails to do so? Besides, a point on security, if I retrieve the photo_id via a hidden field, will someone be able to write a specific "post" request so that it post comments to all photos in the album? (like spammer in the php's forum long time ago..)
Thank you for reading this and thanks in advance for answering!
Upvotes: 0
Views: 113
Answers (1)
Reputation: 20232
take a look at the rails guides on nested resources http://guides.rubyonrails.org/routing.html#nested-resources
your routes would have something like this.
resources :photos do
resources :comments
end
your photo controller would stay the same, but your comments controller would need to lookup the photo from the url
class CommentsController < ApplicationController
before_action :get_photo
def create
@photo.comments.create(params.require(:comment).permit(:comment_text))
....
end
...
def get_photo
@photo = Photo.find(params[:photo_id])
end
end
and the photo view would have
<%= form_for [@photo,Comment.new], html: {method: :post} do |c| %>
<div class="row">
<div class="span">
<%= image_tag current_user.avatar.url(:thumb) %>
</div>
<div class="span">
<p><%= c.label "Enter your comment here:" %></p>
<p><%= c.text_area :comment_text %></p>
<p><%= c.submit "Submit Comment", class: "btn btn-tiny" %></p>
</div>
</div>
<% end %>
which should invoke the new_photo_comment_path
as for the user_id i would just grabbed that from the user_signed_in helper. Since you already have them logged in, no sense in passing it in from the web.
Upvotes: 1
Related Questions
- getting Id from created record in rails
- Pass parameter of current object into create method Rails
- Pass new object id within create controller ruby on rails
- Getting value of object id from new method to create
- Create object with correct ID in Rails 4
- Passing parent model's id to child's new and create action on rails
- How do I pass a parameter from my new method to my create method in Rails?
- Rails. Create two objects at the same time, one of which uses the id of the other
- create new object with params from other object
- need to generate an object on create that contains the id