RoR - Nested Resources, Security ，pagination

root to: 'xxx'  默认root路径

Nested Resource:

Rails.application.routes.draw do
    resources :books do
        resources :notes # , only: [:create, :destroy]
    end

    root to: "books#index"
end

content_tag:

simple_format:  Formats new lines as <br>

Authentication:

has_secure_password 

#bcrypt-ruby(gemfile)
1. run bundle install
2. make sure password_digest is table column
3.account for password inside strong parameters list in the controller 

HTTP Sessions and cookies:

HTTP is a stateless protocol:

1.即使来自同一个浏览器的每个新请求都不知道以前发出的请求。

2.这意味着，即使用户发出请求，他在所有后续请求中都将被视为未知。

Cookies and Sessions to the rescue(keep state)

Sessions in rails:

1.rails 中session 以hash形式来传播

2.服务器向浏览器发送一个cookie，其中包含浏览器存储的会话信息，并在所有后续请求（直到会话结束）时将其发送回服务器

Rails.application.routes.draw do
    resources :books do
        resources :notes, only: [:create, :destroy]
    end

    resources :sessions, only: [:new, :create, :destroy]

    root to: "books#index"

　　get "/login" => "sessions#new", as: "login"
　　delete "/logout" => "sessions#destroy", as: "logout"

end

session controller:

Authorization:

def logged_in?
    session[:reviewer_id] # nil is false
end 

def current_user
    @current_user ||= Reviewer.find(session[:reviewer_id])
end

Pagination:

# include will_paginate gem 

# use in controller 

def index
    @books = current_user.books.paginate(page: params[:page], per_page: 10)
end

# use in html.erb

<%= will_paginate @books %>

ssl： in production.rb,

　　uncomment #config.fore_ssl = true

　　to use https