Thanks Dave, been spending days cleaning up my code based on your
suggestions and pretty proud of it now.
I've a dilemma now with CanCan vs Nested Resources in Routes.rb:
*In Routes.rb:*
    resources :users do
      resources :orders do
        collection do
          get :payment_received
        end
      end
    end
*In orders_controller.rb:*
    def payment_received
      @user = User.find(params[:user_id])
      @orders = Order.where(seller_id: @user.id).order("id ASC")
      render 'payment_received'
    end
*In ability.rb:*
can :payment_made, Order, :user_id => user.id
*The problem*
With the following route:
    payment_received_user_orders GET /users/:user_id/orders/payment_received(.:format) orders#payment_received
Through CanCan, I can't seem to enforce the ":user_id => user.id" whereby
the *current_user* can only see his own payment_received (based on his own
user_id) and not someone else's payment_received.
On Wednesday, March 5, 2014 1:10:24 AM UTC+8, Dave Aronson wrote:
>
> On Mon, Mar 3, 2014 at 4:01 PM, Brandon <[email protected]> wrote:
>
> > This is what my User/Create looks like after rethinking my controller.
> > Does it need more work to make it slimmer?
>
> I've seen (and even made) much worse, but this can be slimmed down
> fairly easily. The sign_in and that big if-statement have nothing to
> do with what screen to show next, data to show there other than what's
> already in some already-used model, or other such things that properly
> belong in the controller. So, they can be extracted and put into the
> User model, though you may need to pass in the current_order_id and
> current_follow_id. You'd wind up with something like:
>
>     def create
>       user.updating_password = true
>       if user.save
>         user.process_initial_session(current_order_id, current_follow_id)
>         redirect_back_or root_url, :flash => { :success => 'Welcome!' }
>       else
>         render 'new'
>       end
>     end
>
> where user.process_initial_session (or whatever you choose to call it;
> could be welcome, set_up_stuff, link_to_order_or_followers, whatever,
> depending what else you may want to put in it) encapsulates all that
> extracted stuff.
>
> -Dave
>
> --
> Dave Aronson, the T. Rex of Codosaurus LLC (www.codosaur.us);
> FREELANCE SOFTWARE DEVELOPER, AVAILABLE AS OF MARCH 1st 2014;
> creator of Pull Request Roulette, at PullRequestRoulette.com.
>
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/rubyonrails-talk/c6945e58-880c-4722-a5f0-7599747a9c43%40googlegroups.com.
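
The access-control gap described in the message above, as an added example that is not part of the original thread: the posted action loads whatever user `params[:user_id]` names and never consults the ability, so a rule on `Order` has nothing to act on. The `Ability` class below is a plain-Ruby stand-in that imitates CanCan's `can` / `can?` / `authorize!` with hash conditions so the check runs without Rails; the structs, the sample orders and both helper methods are constructed for illustration.

```ruby
# Added example: plain-Ruby imitation of a CanCan-style check (not the CanCan gem).
User  = Struct.new(:id)
Order = Struct.new(:id, :seller_id)
ORDERS = [Order.new(1, 1), Order.new(2, 1), Order.new(3, 2)] # constructed sample data

class AccessDenied < StandardError; end

class Ability
  def initialize(user)
    @rules = []
    # Rule on the parent User, not on Order: the :user_id in the URL
    # must be the signed-in user's own id.
    can :payment_received, User, id: user.id
  end

  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # True when some rule matches the action, the class and every condition.
  def can?(action, subject)
    @rules.any? do |act, klass, cond|
      act == action && subject.is_a?(klass) && cond.all? { |k, v| subject[k] == v }
    end
  end

  def authorize!(action, subject)
    raise AccessDenied, "#{action} denied" unless can?(action, subject)
    subject
  end
end

# The action as posted: trusts params[:user_id], no ability check at all.
def payment_received_unchecked(_current_user, params)
  ORDERS.select { |o| o.seller_id == params[:user_id] }.sort_by(&:id).map(&:id)
end

# Hardened: authorize the user named in the URL before running the query.
def payment_received_checked(current_user, params)
  owner = User.new(params[:user_id]) # stands in for User.find(params[:user_id])
  Ability.new(current_user).authorize!(:payment_received, owner)
  ORDERS.select { |o| o.seller_id == owner.id }.sort_by(&:id).map(&:id)
end
```

In the real application the corresponding pieces would be a rule such as `can :payment_received, User, :id => user.id` in ability.rb and `authorize! :payment_received, @user` in the action. The rule posted above names `:payment_made`, which does not match the `payment_received` action.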