Rails validation vs authorization -
i have scenario unsure of whether particular function should considered validation or authorization. can code either way.
users can "like" articles.
when user creates new "like" need ensure user has not liked article. front end limit functionality want backed end safeguards.
should process of ensuring user has not liked article considered validation or authorization?
further comments received:
if auth determines if option available user, or not & validation determines if user selection valid then...
auth make option click "like" available when user has "liked" , therefore inevitably fail validation.
this thinking results in invalid option being presented user.
is ensuring user can delete/edit own "likes" auth or validation? previous logic implies should validation user either authorised add/update or destroy within model or not , ensuring actions valid role of validation illogical present option delete user's reject upon failed validation.
this validation. don't know model architecture, if have like
model, validate this:
class < activerecord::base belongs_to :user_id belongs_to :article_id validates :article_id, uniqueness: { scope: :user_id } end
you should make sure unique constraint present @ db level, avoid potential race condition.
Comments
Post a Comment