Question

I am new to rails so go easy. I have created a blog with the ability to "vote" on a post by using a feature much like Facebook s "like". I am not using any authentication but would like to restrict voting on a particular post by IP. That is, once someone votes for a post, they cannot vote again (unless they reset their router of course).

I feel like this should be something I affect by modifying the votes or posts Model, but I fear it has to do with Sessions, which...I don t have any experience yet.

Let me know if you need me to post any code. Here is the votes controller.

class VotesController < ApplicationController

  def create
    @post = Post.find(params[:post_id])
    @vote = @post.votes.create!(params[:vote])

       respond_to do |format|
       format.html { redirect_to @post}
       format.js
     end
  end
end

Answer 1

Two ways of doing it come to mind right away, there are probably others. Both require storing an IP in the database.

Block the vote from being created with a uniqueness validation.

class Vote < ActiveRecord::Base
  validates_uniqueness_of :ip_address
  ...
end

Block the vote from being created in the controller

class VotesConroller < ApplicationController
  ...
  def create
    unless Vote.find_by_post_id_and_ip_address(params[:post_id],request.remote_ip)
       posts.votes.create!(params[:vote].update({:ip_address => request.remote_ip}))
    end
  end
end

Answer 2

I would do both EmFi and bensie said and store the IP address with the vote but you might also want to look into creating a blacklist of IPs which you want to block because the represent popular proxy servers (for example, the many proxies in the http://proxy.org/ list).

As you add to the list it will make it at least a little bit harder for users to cheat.

Answer 3

You could add an ip_address attribute to your votes table and validates_uniqueness_of :ip_address to ensure that only one vote can come from an IP.

友情链接