I've been searching all over and can't find the answer to this anywhere.
I'm taking the intro to RoR course on Udemy, and I've been able to solve all the problems I've had in the first 80% of the course, but now I'm at a roadblock and can't find this. We're building an app like Etsy, and I'm at the point where I need to restrict users from editing/deleting listings that don't belong to them.
I'm running Ruby 1.9.3 on Rails 3.2.21.
I tried following the instructions for adding the check user filter, but when I checked back on localhost, I received this error:
    NoMethodError in ListingsController#edit
    undefined method `user' for nil:NilClass
    app/controllers/listings_controller.rb:98:in `check_user'
    Parameters: {"id"=>"8"}
My code matches the instructor's code exactly, but I think this error is because I'm using Rails 3, and he's using 4.
Here's my listings_controller.rb:

    class ListingsController < ApplicationController
      # GET /listings
      # GET /listings.json
      before_filter :authenticate_user!, only: [:new, :create, :edit, :update, :destroy]
      before_filter :check_user, only: [:edit, :update, :destroy]

      def index
        @listings = Listing.all
        respond_to do |format|
          format.html # index.html.erb
          format.json { render json: @listings }
        end
      end

      # GET /listings/1
      # GET /listings/1.json
      def show
        @listing = Listing.find(params[:id])
        respond_to do |format|
          format.html # show.html.erb
          format.json { render json: @listing }
        end
      end

      # GET /listings/new
      # GET /listings/new.json
      def new
        @listing = Listing.new
        respond_to do |format|
          format.html # new.html.erb
          format.json { render json: @listing }
        end
      end

      # GET /listings/1/edit
      def edit
        @listing = Listing.find(params[:id])
      end

      # POST /listings
      # POST /listings.json
      def create
        @listing = Listing.new(params[:listing])
        @listing.user_id = current_user.id
        respond_to do |format|
          if @listing.save
            format.html { redirect_to @listing, notice: 'Listing was successfully created.' }
            format.json { render json: @listing, status: :created, location: @listing }
          else
            format.html { render action: "new" }
            format.json { render json: @listing.errors, status: :unprocessable_entity }
          end
        end
      end

      # PUT /listings/1
      # PUT /listings/1.json
      def update
        @listing = Listing.find(params[:id])
        respond_to do |format|
          if @listing.update_attributes(params[:listing])
            format.html { redirect_to @listing, notice: 'Listing was successfully updated.' }
            format.json { head :no_content }
          else
            format.html { render action: "edit" }
            format.json { render json: @listing.errors, status: :unprocessable_entity }
          end
        end
      end

      # DELETE /listings/1
      # DELETE /listings/1.json
      def destroy
        @listing = Listing.find(params[:id])
        @listing.destroy
        respond_to do |format|
          format.html { redirect_to listings_url }
          format.json { head :no_content }
        end
      end

      private

      def set_listing
        @listing = Listing.find(params[:id])
      end

      def listing_params
        params.require(:listing).permit(:name, :description, :price, :image)
      end

      def check_user
        if current_user != @listing.user
          redirect_to root_url, alert: "Sorry, this listing belongs to someone else."
        end
      end
    end

The code that we had to add for this is the second before_filter and the def check_user.
If any other information is needed to help answer this, please let me know.
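
Added example, not part of the original post or the course's code: a plain-Ruby stand-in for the controller's filter chain, showing why check_user sees a nil @listing when no earlier filter loads the record, next to an ownership check that loads the record first and denies when it is missing or owned by someone else. MiniController, LISTINGS, outcome and the sample users are hypothetical names with constructed data.

```ruby
# Plain-Ruby stand-in for a Rails filter chain (hypothetical names, no Rails needed).
Listing = Struct.new(:id, :user)
LISTINGS = { 8 => Listing.new(8, "alice") } # constructed sample data

class MiniController
  def self.filters; @filters ||= []; end
  def self.before_filter(name); filters << name; end
  def initialize(current_user, params)
    @current_user, @params = current_user, params
  end
  # Run filters in declaration order; a filter that redirects halts the chain.
  def process(action)
    self.class.filters.each do |f|
      send(f)
      return @result if @result
    end
    send(action)
    @result
  end
  def edit; @result = "render edit ##{@listing.id}"; end
  private
  def redirect_to(target); @result = "redirect #{target}"; end
end

# As in the post: check_user runs before the action body has assigned @listing.
class BrokenController < MiniController
  before_filter :check_user
  def edit; @listing = LISTINGS.fetch(@params[:id]); super; end
  private
  def check_user
    redirect_to :root if @current_user != @listing.user # @listing is nil here
  end
end

# Load the record in an earlier filter, then deny unless the owner matches.
class FixedController < MiniController
  before_filter :set_listing
  before_filter :check_user
  private
  def set_listing; @listing = LISTINGS.fetch(@params[:id]); end
  def check_user
    redirect_to :root unless @listing && @listing.user == @current_user
  end
end

# Returns the controller's result, or the error class raised during filtering.
def outcome(klass, user, id)
  klass.new(user, id: id).process(:edit)
rescue NoMethodError => e
  e.class.name
end
```

In the Rails 3.2 controller above, the corresponding change is to register set_listing as a before_filter ahead of check_user for edit, update and destroy.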