Search code examples
ruby-on-railsruby-on-rails-3ruby-on-rails-3.2routesnested-routes

Correcting invalid Resource Routes in Rails


One thing I noticed when working with nested resource routes in Rails is that it is technically possible for a user to visit a route where the child resource exists (and is therefore displayed correctly), but the id for the parent resource represents an object that is not actually related to the child resource.

For example, in the route users/:user_id/post/:id, the user could type in a route where :user_id represents a user who did not make the post corresponding to :id.

What would be the best way to fix this so that if the user visits an invalid URL, the server redirects the user to the correct URL?

I have already put some code in my controllers to handle this, but it's kind of awkward having to check the path in every controller action and then redirect the user to the appropriate url, especially since the URL helpers are different for every action.

(edit_user_post_path(@user, @post), new_user_post_path(@user, @post))

There has to be a better way, right?


Solution

  • You should have a before_filter running on all requests that makes sure the user is valid. If not, it will throw ActiveRecord::RecordNotFound and show the friendly 404 page.

    Then grab the post based on the user however you need, whether in another before_filter or directly in the action. Base your post search on the user. My example below demonstrates doing this with another before_filter.

    before_filter :find_user_by_user_id
    before_filter :find_post
    
    def show
      # Use @post variable here however you need
    end
    
    private
    
    def find_user_by_user_id
      @user = User.find(params[:user_id])
    end
    
    def find_post
      # This assumes you have an association set up as needed
      @post = @user.posts.where(id: params[:id]).first
    
      if @post.nil?
        # Do whatever you need here
      end
    end