is the comment form in the commentable show view, for example, comments
are displayed at the bottom of the article, and it is the same with any
commentable, you don't need this
def new
  @commentable = find_commentable  # <== is not needed here
  @comment = Comment.new  # <== this is ok
  @comment.parent_id = params[:in_reply_to] if params[:in_reply_to]  # <== where is params[:in_reply_to] coming from?
end
since the user will never go there, that is, the new view.
def create
  @commentable = find_commentable  # <== as explained, returns @article or whatever from the /article/1 path
  if @commentable.nil?  # Threaded Comments  <== this will never happen under normal circumstances
    @comment = Comment.new(params[:comment])  # <== you are creating orphan comments and will never be able to read them
  else
    @comment = @commentable.comments.build(params[:comment])  # <== this is ok
  end
  @comment.user_id = current_user.id
  # <== this is ok, from here to the end of create
  if @comment.save
    flash[:success] = "Comment saved."
    redirect_to polymorphic_path(@commentable)
  else
    flash[:error] = "Error in creating comment."
    # @comments = @commentable.comments.paginate(:page => params[:page])
    render 'new'
  end
end
now the destroy action
def destroy
  @commentable = find_commentable  # <== no need to find the parent, you are going to delete it
  if @commentable.comments.find(params[:id]).destroy  # <== no, change this to @comment = Comment.find(params[:id])
    flash[:success] = "Comment deleted."
  else
    flash[:error] = "Comment could not be deleted."
  end
  redirect_to @commentable
end
change the above to
def destroy
  @comment = Comment.find(params[:id])
  if @comment.destroy
    flash[:success] = "Comment deleted."
  else
    flash[:error] = "Comment could not be deleted."
  end
  redirect_to @commentable
end
the edit
def edit
  @commentable = find_commentable
  @comment = @commentable.comments.find(params[:id])
  @title = "Edit Comment"
  # The following code allows editing directly on the article page.
  # @comments = @article.comments.paginate(:page => params[:page])
  # render 'articles/show'
end
same as the new, if you are editing at the show of the commentable the user
will never go to the comments edit page.
now the update
def update
  @commentable = find_commentable
  @comment = @commentable.comments.find(params[:id])
  if @comment.update_attributes(params[:comment])
    flash[:success] = "Updated Comment"
    redirect_to @commentable
  else
    flash[:error] = "Comment update failed."
    @comments = @commentable.comments.paginate(:page => params[:page])
    render 'edit'
  end
end
this one is ok but pay attention to render 'edit', if the user will never
go there.
and last
def correct_user
  @commentable = find_commentable
  redirect_to(@commentable) unless current_user.admin?
end
try using an authorization gem instead
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
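
An added example, not part of the message above or of the original poster's application: a plain-Ruby sketch of the two lookups compared in the destroy action and of the kind of check an authorization gem would centralize. The structs, sample data, `find_unscoped`, `find_scoped`, `can_modify?` and the author-or-admin rule are assumptions for illustration; a single parent id stands in for the polymorphic parent.

```ruby
# Plain-Ruby stand-ins (assumptions), not the thread's Rails models.
User    = Struct.new(:id, :admin)
Comment = Struct.new(:id, :user_id, :commentable_id)

class NotFound < StandardError; end

# Constructed sample data: comments 10 and 11 sit under article 1,
# comment 12 sits under article 2.
COMMENTS = [
  Comment.new(10, 1, 1),
  Comment.new(11, 2, 1),
  Comment.new(12, 2, 2)
].freeze

# Behaves like Comment.find(id): any existing id resolves, whatever
# parent the request URL names.
def find_unscoped(id)
  COMMENTS.find { |c| c.id == id } || raise(NotFound)
end

# Behaves like @commentable.comments.find(id): an id resolves only if
# the comment belongs to the parent taken from the URL.
def find_scoped(commentable_id, id)
  COMMENTS.find { |c| c.id == id && c.commentable_id == commentable_id } ||
    raise(NotFound)
end

# Hypothetical rule (an assumption): an admin or the comment's author may
# change it. The thread's correct_user filter checks current_user.admin? only.
def can_modify?(user, comment)
  user.admin || comment.user_id == user.id
end

# Order a destroy or update action would follow: look the record up
# through its parent first, then authorize the acting user.
def authorize_destroy(user, commentable_id, comment_id)
  comment = find_scoped(commentable_id, comment_id)
  can_modify?(user, comment) ? :allowed : :forbidden
rescue NotFound
  :not_found
end
```
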