Forum: Ruby on Rails Problem in Restful Routing

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Rock R. (Guest)
on 2008-10-13 13:32
Hi. I have a problem in restful routing. My project is a discussion
forum.


The route is

map.resources :forums do |forum|
      forum.resources :topics do |topic|
             topic.resources :posts
      end
end


Everything in the code I wrote are working good.

An example url for a show action of a forum post would be

http://localhost:3000/forums/3/topics/4/posts/90

Now if i replace 90 by 200, I get the post with id 200 which doesn't
belong to topic id 4.

How can i prevent this?

Thank you
Franz S. (Guest)
on 2008-10-13 14:13
(Received via mailing list)
I would think that the find code in your PostsController is something
like

@post = Post.find(params[:id])

This of course directly gets the Post with the id specified in the URL.

What you can do to get around it is to drilldown from the Forum, Topic
and then Post.  Something like this:

@forum = Forum.find(params[:forum_id], :include => { :topics => :posts }
)
@topic = @forum.topics.select { |topic| topic.id ==
params[:topic_id].to_i }.first
@post = @topic.posts.select { |post| post.id == params[:id].to_i }.first

Please note that the code above is not robust as it does not check for
nils.
If @topic were nil for example, the last line to get the post will bomb
out.

/franz
Rock R. (Guest)
on 2008-10-13 14:15
Thanks a lot. I will try this out now
Piotr Jakubowski (Guest)
on 2008-10-14 01:09
(Received via mailing list)
I am not sure if this is correct approach but you could apply the
before filter that could check if given post belongs to given topic
(and the topic belongs to given forum :) )

On Oct 13, 11:32 am, Rock R. <removed_email_address@domain.invalid>
This topic is locked and can not be replied to.