Home/ Questions/Q 7498873
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T19:37:30+00:00

I want my visitors to be able to edit or delete their comment up

  • 0

I want my visitors to be able to edit or delete their comment up too 5-10 min after they created it.

How should I authenticate this with a session or cookie?
My comment controller:

class CommentsController < ApplicationController
  # GET /comments
  # GET /comments.xml

  # GET /comments/new
  # GET /comments/new.xml
  def new
    @comment = Comment.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @comment }
    end
  end

  # GET /comments/1/edit
  def edit
    @comment = Comment.find(params[:id])
  end

  # POST /comments
  # POST /comments.xml
  def create
    @blog = Blog.find(params[:blog_id])
    params[:comment][:ip] = request.remote_ip
    @comment = @blog.comments.create!(params[:comment])
    redirect_to @blog
  end

  # PUT /comments/1
  # PUT /comments/1.xml
  def update
    @comment = Comment.find(params[:id])

    respond_to do |format|
      if @comment.update_attributes(params[:comment])
        format.html { redirect_to(admin_comments_path, :notice => 'Comment was successfully updated.') }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @comment.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /comments/1
  # DELETE /comments/1.xml
  def destroy
    @comment = Comment.find(params[:id])
    @comment.destroy

    respond_to do |format|
      format.html { redirect_to(admin_comments_url, :notice => 'Indlæg slettet') }
      format.xml  { head :ok }
    end
  end
end
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    store the saved comment’s id in the session and then at the time of delete or update, check the session for the comment’s id and compare the current-time with the comment’s created_at… this can go in a filter method.

    Also, you can move the code of finding the comment with id in a filter and can follow DRY.

    Here it goes:

    class CommentsController < ApplicationController

  before_filter :get_blog
  before_filter :get_comment, :only => [:edit, :update, :destroy]
  before_filter :authorize_comment, :only => [:edit, :update, :destroy]

  private

  def get_blog
    @blog = Blog.find(params[:blog_id])
  end

  def get_comment
    @comment = Comment.find(params[:id])
  end

  def authorize_comment
    unless @comment
      flash[:error] = "Comment Not Found" 
      redirect_to @blog and return
    else
      # checks whether the comment is there in sessions' recent_comments 
      # if true, it means, this comment was created by the same visitor who is now attempting to delete/update it again
      if session[:recent_comments].include?(@comment.id)

        # now check if the comment is editable w.r.t time or not
        if @comment.created_at < 10.minutes.ago
          # if true, it means comment can no longer be updated/deleted
          # if you wish you can now remove this from the session's recent_comments
          session[:recent_comments].delete(@comment.id)
          flash[:error] = "Sorry, you can not change this comment now"
          redirect_to @blog and return
        else
          # it means comment can be edited/updated
          return true
        end
      else
        flash[:error] = "Sorry, you can not change this comment now"
        redirect_to @blog and return
      end
    end
  end

  public


  def new
    @comment = Comment.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @comment }
    end
  end


  def edit
  end

  def create    
    params[:comment][:ip] = request.remote_ip
    @comment = @blog.comments.create!(params[:comment])

    unless session[:recent_comments].is_a?(Array)
      session[:recent_comments] = []
    end
    session[:recent_comments] << @comment.id

    redirect_to @blog
  end

  def update

    respond_to do |format|
      if @comment.update_attributes(params[:comment])
        format.html { redirect_to(admin_comments_path, :notice => 'Comment was successfully updated.') }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @comment.errors, :status => :unprocessable_entity }
      end
    end
  end

  def destroy
    @comment.destroy

    respond_to do |format|
      format.html { redirect_to(admin_comments_url, :notice => 'Indlæg slettet') }
      format.xml  { head :ok }
    end
  end
end
    • 0