How would you improve the following controller method?

19 views

Skip to first unread message

fizzi

unread,

Jun 3, 2015, 1:31:41 AM6/3/15

to rubyonra...@googlegroups.com

I made this code but someone told me it was flawed

How would you improve this piece of code in the reviewcontroller (mainly the namereview method)?

class ReviewController < ApplicationController
  before_action :set_reviews, only: [:show, :edit, :update, :destroy]

  def index
    @reviews = Review.all
  end

  def namereview
    @review = Review.find(params[:id])
    if @review.update_attribute(:description, sanitize(params[:description]))
     format.json { render json: { status: 200 } }
    else
     format.json { render json: { status: 500 } }
    end
  end
end

Thanks in advance

Frederick Cheung

unread,

Jun 3, 2015, 2:39:48 AM6/3/15

to rubyonra...@googlegroups.com, frizky...@gmail.com

On Wednesday, June 3, 2015 at 6:31:41 AM UTC+1, fizzi wrote:

I made this code but someone told me it was flawed
How would you improve this piece of code in the reviewcontroller (mainly the namereview method)?

Looking just at that method:

- I wouldn't call it namereview - that seems to suggest that it sets a review name but it doesn't. I'd call it update, and make it behave like a normal update method (i.e. it should use params[:review][:description]). You can leave it only updating the description attribute, but at least bring the semantics closer to the 'normal' update action

- 422 is the usual http status for failed validations

- your code seems to let anyone edit any review - not sure if that is appropriate.