One word that left an impression on the mentor was ~ There is a difference in level to be able to write Rails. ~ ~ RSpec is an essential technology. ~
example.html.haml
<div class="haml">
<h1>Hello Haml!</h1>
</div>
.haml
%h1 Hello Haml!
routes.rb
#Post is the parent, and Comment and Like are the children.
resources :posts do
resources :comments, only: [:create, :destroy]
resources :likes, only: [:show,:create, :destroy]
end
Moreover, you can bring two IDs from the URL! ↓
post_comments POST /posts/:post_id/comments(.:format) comments#create
post_comment DELETE /posts/:post_id/comments/:id(.:format) comments#destroy
post_likes POST /posts/:post_id/likes(.:format) likes#create
post_like GET /posts/:post_id/likes/:id(.:format) likes#show
DELETE /posts/:post_id/likes/:id(.:format) likes#destroy
#It's hard to understand, so let's make it even more
Make the logic used many times a model method, make it DRY ↓
example.html.haml
- - if current_user.id == post.user_id #I had a bad face when I wrote it directly
+ - post.created_user?(current_user)
%p you are the person who posted
post.rb
#Define model method
def created_user?(user)
self.user_id == user.id
end
In the controller, calling a method directly from the model can easily lead to a security hole. Basically, the whole target is irregular, and it is almost nonexistent. ↓
example_controller.rb
def new
- @post = Post.new #Wrong ID may be entered
+ @post = current_user.posts.build #current_range of user(scope)
end
#If you really want to use the capital letter model, you have to do it or put your hand on your chest before deciding.
Make the common part in the controller a private method and keep it in DRY with before_action ↓
example_controller.rb
before_action :set_post
#abridgement
private
def set_post
@post = current_user.posts.find(params[:id])
end
#Don't make the controller fat, let's make it slim
For save and destroy methods that almost never fail except for factors such as server troubles in the Internet environment! ↓
example_controller.rb
def destroy
@post.destroy!
flash[:notice] = "Deleted post"
redirect_to posts_path
end
Make it a constant so that it is easy for the whole person to understand. Define a constant in the model and call it in the controller. ↓
example_controller.rb
#ex_model.rb
PER_COMMENT = 5
#example_controller.rb
@comments = @post.comments.page(params[:page]).per(Ex_model::PER_COMMENT).order(created_at: :desc)
#Model name::Constant name
Originally write a test and write a method while checking for failures (TDD, test-driven development)
post_spec.rb
describe "#created_user?" do
let(:user) { FactoryBot.create(:user) } #The person
let(:other_user) { FactoryBot.create(:user) } #others
let(:post) { FactoryBot.create(:post, user: user) } #Posted by the person
context "For the same user as the logged-in user" do
it "Returning true" do
expect(post.created_user?(user)).to eq true
end
end
context "If not the same user as the logged-in user" do
it "Returning false" do
expect(post.created_user?(other_user)).to eq false
end
end
end