A Forum For’Em

Mariah Senior
3 min read · Feb 23, 2021

The forum app I created is very simple. With only four models, User, Post, Comment, and FavoritePost, its basic functionality is similar to that of Reddit or Quora. So yes, it is basically a watered-down version of those apps. Users are able to create a discussion post, edit it, and delete it. They can favorite a post, as well as comment on it. Without logging in, though, none of this functionality is available: users without an account can only view posts.

While building my app, I struggled with associating a comment with a post through the comments controller and the views. I built my application so that comments can be posted from a post's show page, and I wasn't sure how to associate each comment with the post it was posted under.

<input type="hidden" value="<%= @post.id %>" name="comment[post_id]">

The above line of code is within the form for new comments, which is in app/views/posts/show.html.erb. It sends the id of the post being shown along with the new comment, so the controller knows which post the comment belongs to.

post "/comments" do
  post = Post.find_by_id(params[:comment][:post_id])
  halt 404 unless post # the hidden post_id comes from the client, so it may not match any post
  comment = post.comments.build(content: params[:comment][:content], user_id: session[:user_id])
  comment.save # build only creates the object in memory; save persists it
  redirect "/posts/#{post.id}"
end

This block of code is located in the comments controller. The build method basically works like the .new method: it only creates an object in memory, so to actually persist it to the database, save has to be called on the object.

Authentication & Validation

As a user of a web application, I would hate for anyone other than myself to be able to access my account and the information that I upload to the app. This is why we use authentication and validations: they help prevent the input of malicious data and are needed to keep data persisted to the database secure, which in my opinion is the most crucial part of developing a web application. Below are examples of using authentication and validation throughout the entire MVC development process.

class User < ActiveRecord::Base
  has_secure_password

  validates :username, presence: true, uniqueness: true, length: { in: 6..25 }
  validates :email, presence: true, uniqueness: true, confirmation: true,
            format: { with: /\A([^@\s]+)@(([-a-z0-9]+)\.([a-z]{2,}))\z/i, message: "please enter a valid email address" }
  validates :password, length: { in: 8..100 }, confirmation: true
end

In the models, we have validations to ensure proper data is input. If any of the user's input for these fields doesn't adhere to the requirements of the validations, the user cannot be created and an error will occur. For example, if a user's password is shorter than eight or longer than 100 characters, the data will not be persisted to the database.

def current_user
  # find_by returns nil instead of raising RecordNotFound when the session still holds the id of a deleted user
  @current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
end

This method is one of the helper methods located in the application controller. It assigns a User object to @current_user if it doesn't have a value already, looking the user up by the id stored in the session. With this helper we know that whenever it is used, the user that is logged in is the current user.

<% if @post.user_id == session[:user_id] %>
  <form action="/posts/<%= @post.id %>/delete" method="post">
    <input id="hidden" type="hidden" name="_method" value="delete">
    <input type="submit" value="Delete Post">
  </form>
<% end %>

This code block, located in the views, verifies the identity of the current user by checking that the logged-in user is the one who created the post. If the two match and the user is logged in, they see the button to delete their post, and no one else does.
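The view check only hides the button; a request to the delete route can still be sent without it, so the route itself has to repeat the ownership check on the server. The following is an added example, not code from the original project: Post and PostStore are stand-ins for the ActiveRecord model, and the symbol returned by delete_post stands for the response (401, 404, 403 or a redirect) the Sinatra route would send.

```ruby
# Added example, not the author's code: the ownership check the delete route
# must make on the server. Post and PostStore are stand-ins for the
# ActiveRecord model (assumption); the returned symbol stands for the HTTP
# response the Sinatra route would send.
Post = Struct.new(:id, :user_id, :title)

class PostStore
  def initialize(posts)
    @posts = {}
    posts.each { |p| @posts[p.id] = p }
  end

  # nil when no row matches, like ActiveRecord's find_by_id
  def find_by_id(id)
    @posts[id.to_i]
  end

  def delete(id)
    @posts.delete(id.to_i)
  end

  def size
    @posts.size
  end
end

# Same decision order the route should follow: logged in? post exists?
# does the session user own it? Only then delete. The view's
# "@post.user_id == session[:user_id]" test is repeated here on purpose.
def delete_post(store, session, post_id)
  return :unauthorized unless session[:user_id]
  post = store.find_by_id(post_id)
  return :not_found unless post
  return :forbidden unless post.user_id == session[:user_id]
  store.delete(post.id)
  :deleted
end

# Constructed sample data: user 10 owns post 1, user 20 owns post 2.
def sample_store
  PostStore.new([Post.new(1, 10, "first post"), Post.new(2, 20, "second post")])
end

if __FILE__ == $PROGRAM_NAME
  store = sample_store
  puts delete_post(store, {}, "1")              # unauthorized: not logged in
  puts delete_post(store, { user_id: 20 }, "1") # forbidden: user 20 is not the owner
  puts delete_post(store, { user_id: 10 }, "1") # deleted
  puts delete_post(store, { user_id: 10 }, "1") # not_found: already gone
end
```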

Authentication and validations are not a one-step solution; it takes a lot of code to guarantee that all information and data is correctly input and only accessible by the user that created it. I'm sure there are more ways to implement the confirmation of data, but these definitely worked for my project.
