Preventing incorrect id params in URLs

Hi,

I’m trying to put together a simple forum.

I have categories and topics.

To create a new topic they click on

/forum/new/1

where "1" is the id of the category. When they submit the form, I
have written the following code to create a new topic and a new post…

def create_new_topic
  category_id = params[:id]
  @forum_topic = ForumTopic.new(params[:forum_topic])
  @forum_topic.category_id = category_id
  @message = @forum_topic.forum_post.build(params[:forum_post])
  @forum_topic.user_id = session[:user_id]
  if @forum_topic.save
    update_post(@message.id, @forum_topic.id)
    flash[:notice] = 'ForumTopic was successfully created.'
    redirect_to :action => 'list'
  else
    render :action => 'new'
  end
end

The following method updates the post, after the topic has been
created. It assigns the correct topic id to the post:

def update_post(post_id, topic_id)
  post = post_id
  topic = topic_id
  @post = ForumPost.find(post)
  user = session[:user_id]
  @post.update_attribute(:user_id, user)
  @post.update_attribute(:topic_id, topic)
  @post.save
end

My problem is… If I enter any id in the /forum/new/1 URL, my code will
create a new topic even if it doesn’t correspond to any of the
categories.

I have tried this sort of thing, but I just can’t get it to work…

def new
  permitted_categories = ForumCategories.find(:all)
  category = params[:id]
  if category == permitted_categories
    @forum_topic = ForumTopic.new
    @forum_post = ForumPost.new
  else
    flash[:notice] = 'Category not found'
    redirect_to :action => 'index'
  end
end

Any ideas?

Do some error handling like such:

begin
  category = Category.find(params[:id])
rescue ActiveRecord::RecordNotFound
  logger.error("Attempt to access invalid catalog #{params[:id]}")
  flash[:notice] = "Invalid catalog"
  redirect_to :action => :index
else
  # ...what you want to happen when there is a catalog
end

Hope that helps --K

Kim wrote:


That works! Thanks so much

However, I don’t quite understand how. Why do you create the variable
category at the start? How is that used?

thanks

On Dec 14, 4:55 pm, Scott H. [email protected] wrote:

...what you want to happen when there is a catalog

You can think of creating it in case you find it…

Jason

begin / rescue is the Ruby way to handle/prevent potential errors.

When you say ‘begin’ the system tries to do whatever is next. In this
case it tries to find the catalog entry with the passed-in id. If it
cannot, then it does what is in the ‘rescue’ block. Else, if it can
find the catalog, it skips over the rescue code and does what is in the
else block. You can then use the catalog variable in the else statement
to do whatever you want the system to do.

Hope that explains it - K
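As an added illustration of Kim's begin/rescue/else suggestion and the explanation above (this is not code from the thread), here is a plain-Ruby stand-in for the ActiveRecord pieces involved: a tiny in-memory ForumCategory whose find raises RecordNotFound like the real one, the original unchecked create shape, and the hardened shape that looks the category up first. ForumCategory, ForumTopic, the sample rows and the params hashes are all constructed for the example, so it runs without Rails.

```ruby
# Added example, not code from the original thread. Everything below is a
# constructed stand-in so the begin/rescue/else pattern can run offline.
module ActiveRecord
  class RecordNotFound < StandardError; end
end

# Minimal in-memory "model": find raises exactly like ActiveRecord does
# when no row has the requested id (constructed rows, hypothetical names).
class ForumCategory
  ROWS = { 1 => "General", 2 => "Announcements" }.freeze

  attr_reader :id, :name

  def initialize(id, name)
    @id, @name = id, name
  end

  def self.find(id)
    # Only an all-digit string (or integer) can match a row; anything else
    # falls through to the same RecordNotFound a bad id would raise.
    key = id.to_s =~ /\A\d+\z/ ? id.to_i : nil
    name = key && ROWS[key]
    raise ActiveRecord::RecordNotFound, "Couldn't find ForumCategory with id=#{id.inspect}" unless name
    new(key, name)
  end
end

class ForumTopic
  attr_reader :category_id, :title

  def initialize(category_id:, title:)
    @category_id, @title = category_id, title
  end
end

# Unsafe shape, mirroring the original create_new_topic: the id taken
# from the URL is written straight into the new topic, so any value the
# client sends is accepted without being checked against real categories.
def create_topic_unchecked(params)
  topic = ForumTopic.new(category_id: params[:id], title: params[:title])
  [:created, topic]
end

# Hardened shape using Kim's begin/rescue/else: the category is looked up
# first. The rescue branch runs only when find raised (bad id), the else
# branch runs only when the lookup succeeded, and `category` is usable there.
# `log` stands in for logger.error so the rejection is observable.
def create_topic_checked(params, log = [])
  begin
    category = ForumCategory.find(params[:id])
  rescue ActiveRecord::RecordNotFound
    log << "Attempt to access invalid category #{params[:id].inspect}"
    [:rejected, nil]
  else
    topic = ForumTopic.new(category_id: category.id, title: params[:title])
    [:created, topic]
  end
end

if __FILE__ == $0
  good = { id: "1", title: "Hello" }   # constructed request params
  bad  = { id: "999", title: "Bogus" } # id that matches no category
  p create_topic_unchecked(bad)        # => [:created, ...] with category_id "999"
  p create_topic_checked(good)         # => [:created, ...] with category_id 1
  p create_topic_checked(bad)          # => [:rejected, nil]
end
```

The value of a begin/rescue/else expression is the else branch's value when nothing was raised and the rescue branch's value when it was, which is why each method simply returns the begin block. Note that the checked version also copies category.id from the found record rather than the raw param, so the stored id is always one that exists.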