Ton*_*ony 7 ruby activerecord ruby-on-rails rescue
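When writing the "create" method for an object in a Ruby on Rails app, I have used two methods. I would like to use one method for the sake of cleaner and more consistent code. I will list the two methods below. Does anyone know if one is better than the other? If so, why?
Method 1: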
    def create1
      # is this insecure? should we grab user_id from the session
      params[:venue]['user_id'] = params[:user_id]
      begin
        # create! (not create) raises ActiveRecord::RecordInvalid when validation
        # fails; plain create returns the unsaved record and the rescue never runs
        venue = Venue.create!(params[:venue])
        @user_venues = @user.venues
        render :partial => 'venue_select_box', :success => true, :status => :ok
      rescue ActiveRecord::RecordInvalid
        render :text => 'Put errors in here', :success => false, :status => :unprocessable_entity
      end
    end
Method 2:
    def create2
      # is this insecure? should we grab user_id from the session
      params[:venue]['user_id'] = params[:user_id]
      venue = Venue.new(params[:venue])
      if venue.save
        @user_venues = @user.venues
        render :partial => 'venue_select_box', :success => true, :status => :ok
      else
        render :text => 'Put errors in here', :success => false, :status => :unprocessable_entity
      end
    end
    class VenuesController < ApplicationController
      def create
        @venue = @user.venues.create!(params[:venue])
        render :partial => 'venue_select_box', :success => true, :status => :ok
      end

      rescue_from ActiveRecord::RecordInvalid do
        render :text => 'Put errors in here', :success => false, :status => :unprocessable_entity
      end
    end
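Using @user.venues in this way ensures that the user ID is always set properly. In addition, ActiveRecord will protect the :user_id field from assignment during the #create! call. Hence, attacks from the outside will not be able to modify :user_id.
In your tests, you may verify that doing a POST to :create raises an ActiveRecord::RecordInvalid exception.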
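The ownership question raised in the code comments ("should we grab user_id from the session") can be shown without Rails. The following is an added example, not code from the question or the answer: it builds a venue's attributes from an allowlist and takes the owner only from the server-side session. The helper names, the permitted keys and the sample request are assumptions made for illustration.

```ruby
require "set"

# Hypothetical allowlist of venue attributes a client may set.
PERMITTED_VENUE_KEYS = %w[name address].to_set.freeze

class UnauthenticatedError < StandardError; end

# Builds the attribute hash for a new venue.
#   raw_params - untrusted request parameters
#   session    - server-side session, the only trusted source of identity
def venue_attributes(raw_params, session)
  owner_id = session[:user_id]
  raise UnauthenticatedError, "no user in session" if owner_id.nil?

  submitted = raw_params.fetch("venue", raw_params.fetch(:venue, {}))
  attrs = submitted.each_with_object({}) do |(key, value), out|
    key = key.to_s
    # Anything not allowlisted (user_id, id, admin, ...) is dropped.
    out[key] = value if PERMITTED_VENUE_KEYS.include?(key)
  end
  # The owner is written last and never read from the request.
  attrs.merge("user_id" => owner_id)
end

# What create1/create2 effectively do: the owner comes from the request.
def venue_attributes_unsafe(raw_params)
  raw_params["venue"].merge("user_id" => raw_params["user_id"])
end

# Constructed sample: user 7 is logged in, but the request names user 1 as
# owner and carries an extra attribute the form never offered.
FORGED = {
  "user_id" => "1",
  "venue" => { "name" => "Club", "user_id" => "1", "admin" => "true" }
}.freeze
SESSION = { user_id: 7 }.freeze

if __FILE__ == $PROGRAM_NAME
  p venue_attributes_unsafe(FORGED)   # owner and extra key taken from the request
  p venue_attributes(FORGED, SESSION) # owner from the session, extras dropped
end
```

In a Rails controller the same two decisions map to an attribute allowlist plus creating the record through the authenticated user's association, as the answer does with @user.venues.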