I am confused with the way you can get every url such as deals/:id/properties/:id despite having a one-to-one association btw a deal and a property. How come is that possible that I can type and get deals/2/properties/14 (or any combination) in the browser url when the property associated with deal 2 is property 6 in my database. The links I have in the views do work and I get the right association deals/2/properties/6 using the links but my question is there something I did wrong in the setup (or everywhere else) or is that just Rails allowing every possible combination to be tested in the browser.... If yes is there a way to prevent this to happen? Thanks a lot
I have a one-to-one association => 1 deal has_one property and a property belongs_to deal. I have nested routes as follows
resources :deals, only: [:index, :show, :create, :update, :destroy] do
scope '/siteadmin' do
resources :properties
end
end
scope '/siteadmin' do
resources :deals, except: [:index, :show]
end
deal.rb
class Deal < ApplicationRecord
has_one :property, dependent: :destroy
accepts_nested_attributes_for :property
end
property.rb
class Property < ApplicationRecord
belongs_to :deal
validates :full_address, presence: true
validates_uniqueness_of :deal_id
end
deals_controller.rb
class DealsController < ApplicationController
before_action :set_deal, only: [:show, :edit, :update, :destroy]
def index
@deals = Deal.all
end
def show
@property = @deal.property
end
def new
@deal = Deal.new
end
def create
@deal = Deal.new(deal_params)
if @deal.save
redirect_to deals_path, notice: 'Deal was successfully created'
else
render :new
end
end
def edit
end
def update
if @deal.update(deal_params)
redirect_to @deal, notice: 'Deal was successfully updated'
else
flash.now[:alert] = "Deal has not been updated."
render :edit
end
end
def destroy
@deal.destroy
redirect_to deals_path, notice: 'Deal was successfully deleted'
end
private
def deal_params
params.require(:deal).permit(:description, :kind, :address, :image_url, :occupancy, :yield)
end
def set_deal
@deal = Deal.find(params[:id])
rescue ActiveRecord::RecordNotFound
flash[:alert] = "The deal you were looking for could not be found."
redirect_to deals_path
end
end
properties_controller.rb
class PropertiesController < ApplicationController
before_action :set_deal
before_action :set_property, only: [:show, :edit, :update, :destroy]
def index
@properties = Property.all.order(id: :asc)
end
def show
end
def new
@property = @deal.build_property
end
def create
@property = @deal.build_property(property_params)
if @property.save
flash[:notice] = "Property has been created."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been created."
render "new"
end
end
def edit
end
def update
if @property.update(property_params)
flash[:notice] = "Property has been updated."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been updated."
render "edit"
end
end
def destroy
@property.destroy
flash[:notice] = "Property has been deleted."
redirect_to @deal
end
private
def property_params
params.require(:property).permit(:genre, :surface, :nb_rooms, :nb_bedrooms, :city, :district, :full_address)
end
def set_property
@property = Property.find(params[:id])
end
def set_deal
@deal = Deal.find(params[:deal_id])
end
end
deals show.html.erb
<h2>Property in the deal:</h2>
<ul class="list-unstyled text-justify">
<li>Property id #<%= @deal.property.try(:id) %> - <%= link_to @deal.property.try(:full_address), [@deal, @property] %></li>
<li>Adresse of the property: <%= @deal.property.try(:full_address) %></li>
<li><%= link_to "see all the properties", deal_properties_path(@deal) %></li>
<%= link_to "add deal", new_deal_path, {class: "btn btn-primary"} %>
</ul>
properties index.html.erb
<header>
<h2>All properties</h2>
<ul id="properties in the db">
<% @properties.each do |property| %>
<li>Property id #<%= property.id %> - <%= link_to property.full_address, deal_property_path(property.deal, property) %></li>
<li><%= link_to "See our Deal", deal_path(property.deal) %></li>
<li><%= link_to "Edit Property", edit_deal_property_path(property.deal, property) %></li>
<li>Deal id #<%= property.deal.id %></li>
<% end %>
<br>
</ul>
<ul class="actions">
<li><%= link_to "Add Property", new_deal_property_path(@deal),
class: "new" %></li>
<li><%= link_to "Back to deals", deals_path%></li>
</ul>
</header>
properties show.html.erb
<header>
<h2>Property id #<%= @property.id %> <%= @property.full_address %></h2>
</header>
<h3>This is the property #<%= @property.id %> of the Deal @<%= @deal.id %> - <%= @deal.address %></h3>
<p>This property is located at <%= @property.full_address %></p>
<li><%= link_to "See all the properties", deal_properties_path(@deal)%></li>
the routes handles just the format of the query string not the values in it.
what I like to do is scope the data in the controller like this
class PropertiesController < ApplicationController
before_action :set_deal
before_action :set_property, only: [:show, :edit, :update, :destroy]
def index
@properties = Property.all.order(id: :asc)
end
def show
end
def new
@property = @deal.build_property
end
def create
@property = @deal.build_property(property_params)
if @property.save
flash[:notice] = "Property has been created."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been created."
render "new"
end
end
def edit
end
def update
if @property.update(property_params)
flash[:notice] = "Property has been updated."
redirect_to [@deal, @property]
else
flash.now[:alert] = "Property has not been updated."
render "edit"
end
end
def destroy
@property.destroy
flash[:notice] = "Property has been deleted."
redirect_to @deal
end
private
def property_params
params.require(:property).permit(:genre, :surface, :nb_rooms, :nb_bedrooms, :city, :district, :full_address)
end
def set_property
@property = @deal.property #.find(params[:id]) # you don't need to find it because there is only 1
end
def set_deal
@deal = Deal.find(params[:deal_id])
end
end