假设您有以下内容。
Manager model
Request model
User model
A user makes a request. The manager then approves that request (or denies it).
所以我的问题是:批准/拒绝方法是进入请求控制器还是管理器控制器?或者也许没关系?
经理执行"操作",但在后台我们正在更新模型。它可以像更改字符串一样简单。
我已经以两种方式做到了这一点,对我来说,更特定于模型似乎更自然,但我想以正确的方式做到这一点,因为我还没有处理过大量的项目。
class User < ApplicationRecord
enum role: [:employee, :manager]
has_many :applications, foreign_key: 'applicant_id'
end
class Application < ApplicationRecord
belongs_to :applicant, class_name: 'User'
has_many :approvals
end
class Approval < ApplicationRecord
belongs_to :application
belongs_to :manager, class: 'User'
validates_uniqueness_of :application_id, scope: 'manager_id'
end
注意 Application 而不是 Request 。 Request和Response作为模型名称是有问题的,因为它们是Rails和Web开发的核心概念。例如,使用实例变量@request将屏蔽传入的请求!这也使你的代码很难推理。
请注意,您可能不需要单独的管理器模型,除非要求大不相同。您可以改用角色来解决它。
然后我们设置一个嵌套路由:
resources :applications do
resources :approvals, only: [:create, :destroy], shallow: true
end
以及符合 CRUD 认证的控制器:
class ApprovalsController < ApplicationController
before_action :authenticate_user!
before_action :authorize!
before_action :set_application, only: [:new, :create, :index]
# Approve an application
# POST /applications/:application_id/approvals
def create
@approval = @application.approvals.new do |a|
a.manager = current_user
end
if @approval.save
redirect_to @application, success: 'Application Approved'
else
render :new
end
end
# Revoke approval
# DELETE /approvals/:id
def destroy
@approval = Approval.find(params[:id])
@approval.destroy
redirect_to @approval.application, success: 'Approval revoked.'
end
private
def set_application
@application = Application.find(params[:application_id])
end
# Just a minimal authorization example
# Use Pundit or CanCanCan for real world apps instead of reinventing the wheel
def authorize!
raise AuthorizationError unless current_user.manager?
end
end