Forms on both pages contain this code user_id in hidden input field:
<%= hidden_input f, :user_id %>
There could be beginners reading the book that wouldn’t understand why this is bad approach, so I suggest you don’t use the user_id from the params, but instead use the one from the current_user when saving survey data.
And modified save_rating/2 on page 199 to add user_id and product_id from the values already in the socket assigns (rather than from the hidden input field):
defp save_rating(
%{assigns: %{product_index: product_index, product: product}} = socket,
rating_params
) do
rating_params
|> add_user_id_param(socket)
|> add_product_id_param(socket)
|> Survey.create_rating()
|> case do
{:ok, %Rating{} = rating} ->
product = %{product | ratings: [rating]}
send(self(), {:created_rating, product, product_index})
socket
{:error, %Ecto.Changeset{} = changeset} ->
assign(socket, changeset: changeset)
end
end
defp add_user_id_param(rating_params, socket) do
Map.put(rating_params, "user_id", socket.assigns.current_user.id)
end
defp add_product_id_param(rating_params, socket) do
Map.put(rating_params, "product_id", socket.assigns.product.id)
end