Rails validation vs authorization -


i have scenario unsure of whether particular function should considered validation or authorization. can code either way.

users can "like" articles.

when user creates new "like" need ensure user has not liked article. front end limit functionality want backed end safeguards.

should process of ensuring user has not liked article considered validation or authorization?

further comments received:

if auth determines if option available user, or not & validation determines if user selection valid then...

auth make option click "like" available when user has "liked" , therefore inevitably fail validation.

this thinking results in invalid option being presented user.

is ensuring user can delete/edit own "likes" auth or validation? previous logic implies should validation user either authorised add/update or destroy within model or not , ensuring actions valid role of validation illogical present option delete user's reject upon failed validation.

this validation. don't know model architecture, if have like model, validate this:

class < activerecord::base   belongs_to :user_id   belongs_to :article_id    validates :article_id, uniqueness: { scope: :user_id } end 

you should make sure unique constraint present @ db level, avoid potential race condition.


Comments

Popular posts from this blog

java - UnknownEntityTypeException: Unable to locate persister (Hibernate 5.0) -

python - ValueError: empty vocabulary; perhaps the documents only contain stop words -

ubuntu - collect2: fatal error: ld terminated with signal 9 [Killed] -