如何隐藏“私人"显示其他用户的页面? [英] How to Hide "Private" Show Pages from Other Users?
本文介绍了如何隐藏“私人"显示其他用户的页面?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
换句话说,如果用户输入例如:
In other words if a user types in for example:
http://0.0.0.0:3000/goals/3
即使用户将其提交为私人",他们也能看到该用户的目标.这是我忽略的事情,因为通过私人"提交隐藏了用户个人资料和提要的目标,但如果另一个用户直接通过 url 搜索它,则不会.
they will be able to see that user's goal even if the user submitted it as "private". This is something I had overlooked because as it stands submitting via "private" hides the goal from the user's profile and the feed, but not if another user directly searches for it via the url.
我们如何解决这个问题?
How can we fix this?
goals_controller
class GoalsController < ApplicationController
before_action :set_goal, only: [:show, :edit, :update, :destroy, :like, :user_goals]
before_action :logged_in_user, only: [:create, :destroy]
before_action :correct_user, only: [:edit, :update, :destroy]
def index
if params[:tag]
@goals = Goal.tagged_with(params[:tag])
elsif params[:user_id]
@accomplished_goals = User.find(params[:user_id]).goals.accomplished.order("deadline")
@unaccomplished_goals = User.find(params[:user_id]).goals.unaccomplished.order("deadline")
else
@accomplished_goals = current_user.goals.accomplished.order("deadline")
@unaccomplished_goals = current_user.goals.unaccomplished.order("deadline")
end
end
def user_goals
@goals = Goal.find_by({user_id: params[:user_id]})
render :index # or some other view
end
def show
@goal = Goal.find(params[:id])
@commentable = @goal
@comments = @commentable.comments
@comment = Comment.new
@notable = @goal
@notes = @notable.notes
@note = Note.new
@correct_user = current_user.goals.find_by(id: params[:id])
end
def new
@goal = current_user.goals.build
end
def edit
end
def create
@goal = current_user.goals.build(goal_params)
if (params[:commit] == 'conceal')
@goal.conceal = true
@goal.save
redirect_to @goal, notice: 'Goal was successfully created'
elsif
@goal.save
track_activity @goal
redirect_to @goal, notice: 'Goal was successfully created'
else
flash.now[:danger] = 'Required Field: "Enter Goal"'
render 'new'
end
end
def update
if @goal.update(goal_params)
redirect_to goals_url, notice: 'Goal was successfully updated'
else
render action: 'edit'
end
end
def destroy
@goal.destroy
redirect_to goals_url
end
def like
@goal = Goal.find(params[:id])
@goal_like = current_user.goal_likes.build(goal: @goal)
if @goal_like.save
@goal.increment!(:likes)
flash[:success] = 'Thanks for liking!'
else
flash[:error] = 'Two many likes'
end
redirect_to(:back)
end
private
def set_goal
@goal = Goal.find(params[:id])
end
def correct_user
@goal = current_user.goals.find_by(id: params[:id])
redirect_to root_url, notice: "Not authorized to edit this goal" if @goal.nil?
end
def goal_params
params.require(:goal).permit(:name, :like, :deadline, :accomplished, :tag_list, :comment, :private_submit)
end
end
目标.rb
class Goal < ActiveRecord::Base
scope :publish, ->{ where(:conceal => false) }
belongs_to :user
scope :accomplished, -> { where(accomplished: true) }
scope :unaccomplished, -> { where(accomplished: false) }
end
推荐答案
private_submit 是一个布尔字段吗?
如果是这样,如果 private_submit 字段的值为true",这里有一种快速的方法可以将显示页面设为私有.
If so, here's a quick way to make the show page private if the private_submit field has a value of "true".
class GoalsController < ApplicationController
# Remove :edit, :update, destroy, and :user_gmails from below as the action is duplicated
before_action :set_goal, only: [:show, :like]
def show
## Remove: @goal = Goal.find(params[:id])
end
def like
# Remove this as it's being called ready in set_goal:
# @goal = Goal.find(params[:id])
...
end
...
def set_goal
@goal = Goal.find(params[:id])
redirect_to(:back) unless @goal.user_id == current_user.id or @goal.private_submit == false
end
end
这篇关于如何隐藏“私人"显示其他用户的页面?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文