If you have a lot of logic associated with the data inside a session, you'll need a central location for that logic. This episode shows how to create a session-based model.
```ruby
# models/user_session.rb
class UserSession
  def initialize(session)
    @session = session
    @session[:comment_ids] ||= []
  end

  def add_comment(comment)
    @session[:comment_ids] << comment.id
  end

  def can_edit_comment?(comment)
    @session[:comment_ids].include?(comment.id) && comment.created_at > 15.minutes.ago
  end
end
```

```ruby
# controllers/application.rb
def user_session
  @user_session ||= UserSession.new(session)
end
helper_method :user_session
```

```ruby
# comments_controller.rb
before_filter :authorize, :only => [:edit, :update]

def create
  @comment = Comment.new(params[:comment])
  if @comment.save
    user_session.add_comment(@comment)
    flash[:notice] = "Successfully created comment."
    redirect_to article_url(@comment.article_id)
  else
    render :action => 'new'
  end
end

private

def authorize
  unless user_session.can_edit_comment? Comment.find(params[:id])
    flash[:error] = "You are no longer able to edit this comment."
    redirect_to root_url
  end
end
```

```erb
<% if user_session.can_edit_comment? comment %>
  <p><%= link_to "Edit", edit_comment_path(comment) %></p>
<% end %>
```
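The edit check above is an authorization decision, so it is worth exercising on its own. The following is an added example, not code from the episode: a Rails-free variant of the same check with an injectable clock, run against the three cases that matter (author inside the window, author after the window, a different session). `EditWindowSession`, `FakeComment`, `edit_decisions` and the `clock:` argument are hypothetical names, and plain hashes stand in for the Rails session.

```ruby
# Added example: hypothetical names, plain hashes in place of the Rails session.
FakeComment = Struct.new(:id, :created_at)

class EditWindowSession
  EDIT_WINDOW = 15 * 60 # seconds; the same 15-minute window as can_edit_comment?

  def initialize(session, clock: -> { Time.now })
    @session = session
    @session[:comment_ids] ||= []
    @clock = clock
  end

  def add_comment(comment)
    @session[:comment_ids] << comment.id
  end

  # Both conditions must hold: this session created the comment,
  # and the comment is younger than the edit window.
  def can_edit_comment?(comment)
    owned = @session[:comment_ids].include?(comment.id)
    fresh = comment.created_at > @clock.call - EDIT_WINDOW
    owned && fresh
  end
end

def edit_decisions
  now = Time.at(1_700_000_000)        # constructed fixed clock
  clock = -> { now }
  author_store  = {}                  # the author's session data
  visitor_store = {}                  # a different browser's session data

  recent = FakeComment.new(1, now - 60)       # 1 minute old
  stale  = FakeComment.new(2, now - 16 * 60)  # 16 minutes old

  author  = EditWindowSession.new(author_store, clock: clock)
  visitor = EditWindowSession.new(visitor_store, clock: clock)
  author.add_comment(recent)
  author.add_comment(stale)

  {
    author_recent:  author.can_edit_comment?(recent),
    author_stale:   author.can_edit_comment?(stale),
    visitor_recent: visitor.can_edit_comment?(recent),
    # A fresh wrapper over the same store models the author's next request.
    next_request:   EditWindowSession.new(author_store, clock: clock).can_edit_comment?(recent)
  }
end
```

Only `author_recent` and `next_request` come back true; the visitor is refused even though the comment is recent, and the author is refused once the window has passed.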