how to call a active record named scope with a str

2020-08-26 10:37发布

I'm sure I'm miss understanding the use of call but I thought I could do something like this.

@case_studies = CaseStudy.call("some_named_scope")

Where "some_named_scope" is also a named scope in CaseStudy. The reason why I need to use call is because I have named scopes that are the same names of the actions in the controller so I'm hopping to do something like this.

@case_studies = CaseStudy.call(params[:action])

EDIT

Forgive me, I just realized I was thinking about the send method, some how the word call got stuck in my head. But @case_studies = CaseStudy.send(params[:action]) works as I thought it would.

3条回答
干净又极端
2楼-- · 2020-08-26 11:35

Although @kolrie has the correct answer, it is not safe at all.

It should be whitelisted as follows:

scope = ["first_scope", "second_scope", "default_scope"].include? params[:action] ? params[:scope] : "default_scope"
@case_studies = CaseStudy.send(scope)
查看更多
仙女界的扛把子
3楼-- · 2020-08-26 11:41

If I understand what you mean, that's what you should call it:

@case_studies = CaseStudy.send(:some_named_scope)

You can use send to call a method and pass either a symbol or a string to it.

查看更多
三岁会撩人
4楼-- · 2020-08-26 11:44

If some_named_scope is a named_scope of the CaseStudy model, you can use send to call the method corresponding to params[:action] value. But this is obviously heavily exploitable.

So, security aside, you could get going with:

@case_studies = CaseStudy.send(params[:action])

Hope it works.

查看更多
登录 后发表回答