I'm running into a small (newbie) problem.

I've got 2 models: question & reviews.

Reviews schema: question_id, user_id, rating, comments

On the 'show' view, I've integrated the following form (formtastic):

  - semantic_form_for @question.reviews.build do |f|
    = f.error_messages
    = f.input :rating 
    = f.input :comments
    = f.buttons

My reviews controller's create action looks like this:

  def create
    @review = Review.new(params[:review])
    @review.user_id = current_user.id

    if @review.save
      flash[:notice] = "Successfully created review."
      redirect_to(@review.question)
    else
      redirect_to(@review.question)
    end
  end

However, now it simply doesn't seem to save the question id in the question_id field. It does save the user_id nicely.

Does anyone have a clue of what I'm doing wrong? If you need logs, let me know! Thanks in advance

+1  A: 

You need to add a hidden field for the question id on your form. Something like

f.hidden_field :question_id

To be more specific, user_id is saved because you're assigning it in the controller. You need to pass in the question_id from the form to the controller for it to be saved as well.

semanticart
Thx, I figured this could be a solution, yes. But can't the user simply change the value of the field so it changes the value of another question? I thought adding it in the controller would be safer? Or is this no factor? Thx again!
Maurice Kroon
You're right that you shouldn't trust anything you don't want potentially altered by the user to hidden fields. You should always do some sort of permissions check to see if the user is able to do what they're trying to do. Ideally that responsibility is encapsulated in an authorization module (i.e. cancan) rather than trying to enforce it in the controller action. Meaning that you should either have a before filter that bails if they don't have permissions *or* the @review.save should fail if they don't have permissions.
semanticart
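
Added example, not part of the original thread and not either poster's code: a plain-Ruby sketch of the point made in the comments above, where the parent question is looked up server-side, a permission check runs before saving, and only rating and comments are taken from the submitted form. The Struct stand-ins, QUESTIONS, can_review?, the "no reviewing your own question" policy and the nested-route parameter layout are all assumptions made for illustration.

```ruby
# Constructed stand-ins for the Rails models so the sketch runs without Rails.
Question = Struct.new(:id, :owner_id, :reviews)
Review   = Struct.new(:question_id, :user_id, :rating, :comments)
User     = Struct.new(:id)

QUESTIONS = {
  1 => Question.new(1, 10, []),   # owned by user 10
  2 => Question.new(2, 20, [])    # owned by user 20
}

class Forbidden < StandardError; end

# Only these form fields may be set by the user; everything else is ignored.
PERMITTED = %w[rating comments].freeze

# Hypothetical policy: a user may not review their own question.
def can_review?(user, question)
  question.owner_id != user.id
end

# Models POST /questions/:question_id/reviews (assumed nested route).
def create_review(params, current_user)
  # The parent record is loaded on the server from the route parameter.
  question = QUESTIONS.fetch(Integer(params["question_id"]))
  # The permission check runs against the record actually being written to.
  raise Forbidden unless can_review?(current_user, question)
  # Drop any question_id / user_id smuggled into the form body.
  attrs = params.fetch("review", {}).select { |k, _| PERMITTED.include?(k) }
  review = Review.new(question.id, current_user.id,
                      attrs["rating"], attrs["comments"])
  question.reviews << review
  review
end

# Constructed request: the form body tries to retarget the review and spoof the author.
TAMPERED = {
  "question_id" => "2",
  "review" => { "rating" => "5", "comments" => "nice",
                "question_id" => "1", "user_id" => "99" }
}.freeze
```

In a Rails controller the same shape is a before filter that loads the question and checks permissions, followed by building the review through the association (as the form already does with @question.reviews.build) instead of Review.new(params[:review]).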