Thursday 15 July 2010

ruby - Validating form fields submitted in rails belong to owner


I have a model named PaymentMethods that comes under the user. When the user goes to checkout, they are presented with a list of available payment methods which are related to them. What is the best way to ensure that a user can not manually edit the domain and use someone else's payment method?

I am currently using a custom validation in my model:

    def payment_method_valid?
      # Add an error unless the chosen payment method is one of the user's own
      errors.add(:payment_method, "This card is not for you") unless self.user.payment_methods.include?(self.payment_method)
    end

Is this the best way to do it in Rails?

I think that, generally, this is a very good way.

There are some points that may be worth mentioning.

Usually, when adding errors to a particular attribute, it is done with a sentence fragment in which the subject is not included. The reason is that full_messages prepends the name of the attribute to the error message. In this case, the full message is "Payment method This card is not for you". I would just suggest changing the message to "is not yours", which results in "Payment method is not yours". If they are receiving this message, they probably know why they received it... An alternative to shortening the message would be to add the whole error to base, but then field_with_errors will not work in that scenario.

Secondly, the two selfs you have can be removed; they are unnecessary.

Finally, in my opinion, this is the right amount of logic for such a validation; anything more complex would probably be unwarranted.

Edit:

Try this:

    validates :payment_method, inclusion: { in: lambda { |x| x.user.payment_methods } }
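
An added example, not part of the original post and not Rails code: plain-Ruby stand-ins for the models show the ownership check rejecting a submitted id that belongs to another user, and how the "is not yours" fragment reads once the attribute name is prefixed. The Order class, the checkout helper and the sample records are assumptions made for this illustration.

```ruby
# Plain-Ruby stand-ins (constructed for this example) for the Rails models.
PaymentMethod = Struct.new(:id, :user_id)
User = Struct.new(:id, :payment_methods)

# Hypothetical model that owns the validation discussed above.
class Order
  attr_reader :user, :payment_method, :errors

  def initialize(user, payment_method)
    @user = user
    @payment_method = payment_method
    @errors = Hash.new { |h, k| h[k] = [] }
  end

  # Same rule as the validation above: the card must be one of the owner's.
  # A nil payment method (unknown id) fails the check as well.
  def valid?
    errors.clear
    errors[:payment_method] << "is not yours" unless user.payment_methods.include?(payment_method)
    errors.empty?
  end

  # Mimics how full_messages prefixes the humanized attribute name.
  def full_messages
    errors.flat_map do |attr, msgs|
      msgs.map { |m| "#{attr.to_s.tr('_', ' ').capitalize} #{m}" }
    end
  end
end

# Hypothetical helper: resolve the id the form submitted, then validate.
# The id comes from the client, so it is never trusted on its own.
def checkout(user, all_methods, submitted_id)
  pm = all_methods.find { |m| m.id == submitted_id.to_i }
  order = Order.new(user, pm)
  order.valid? ? :ok : order.full_messages
end

# Constructed sample data: card 1 is Alice's, card 2 belongs to another user.
CARDS = [PaymentMethod.new(1, 10), PaymentMethod.new(2, 20)].freeze
ALICE = User.new(10, [CARDS[0]])
```
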
