botanicus/comment.rb

## comment.rb
class Comment < ActiveRecord::Base
  belongs_to :general
  belongs_to :author, :class_name => "User"
end

## comments.rb
class CommentsController < ApplicationController
  def create
    if params[:protection].eql?("OK")
      @comment = current_user.comments.new(params[:comment])
      @comment.general = General.find(params[:general])
      if @comment.save
        flash[:notice] = 'Comment was successfully created.'
        redirect_to(@comment.general)
      else
        render :controller => "general", :action => "new"
      end
    else
      # Antispam. Nearly anyone has disabled JS.
      render :text => "Sorry, but you must have your JS enabled. Turn it on and try it again please."
    end
  end
end

## migration.rb
class AddUserIdToComment < ActiveRecord::Migration
  def self.up
    add_column :comments, :user_id, :integer
  end

  def self.down
  end
end

## user.rb
require 'digest/sha1'

class User < ActiveRecord::Base
  include Authentication
  include Authentication::ByPassword
  include Authentication::ByCookieToken

  has_many :comments

  validates_presence_of     :login
  validates_length_of       :login,    :within => 3..40
  validates_uniqueness_of   :login
  validates_format_of       :login,    :with => Authentication.login_regex, :message => Authentication.bad_login_message

  validates_format_of       :name,     :with => Authentication.name_regex,  :message => Authentication.bad_name_message, :allow_nil => true
  validates_length_of       :name,     :maximum => 100

  validates_presence_of     :email
  validates_length_of       :email,    :within => 6..100 #r@a.wk
  validates_uniqueness_of   :email
  validates_format_of       :email,    :with => Authentication.email_regex, :message => Authentication.bad_email_message

  # prevents a user from submitting a crafted form that bypasses activation
  # anything else you want your user to change should be added here.
  attr_accessible :login, :email, :name, :password, :password_confirmation, :admin

  # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
  def self.authenticate(login, password)
    return nil if login.blank? || password.blank?
    u = find_by_login(login) # need to get the salt
    u && u.authenticated?(password) ? u : nil
  end

  def login=(value)
    write_attribute :login, (value ? value.downcase : nil)
  end

  def email=(value)
    write_attribute :email, (value ? value.downcase : nil)
  end

  def admin?
    self.admin
  end

end

## view.html.erb
<h6>Add new comment</h6>
<% form_for @comment do |f| %>
<p>
  <%= label_tag 'title' %>
  <%= f.text_field :title %>
<p>
  <%= label_tag 'body' %>
  <%= f.text_area :body %>
</p>
<%= hidden_field_tag "general", "general", :value => @general.id %>
<%= hidden_field_tag "protection", "protection" %>
<%= submit_tag "Comment!" %>
<% end %>

<%= link_to 'Edit', edit_general_path(@general) %>
<%= link_to 'Delete', @general, :confirm => 'Are you sure you want to delete this whole entry?', :method => :delete %>
<%= link_to 'Back', generals_path %>

</div>
	class Comment < ActiveRecord::Base
	belongs_to :general
	belongs_to :author, :class_name => "User"
	end
	class CommentsController < ApplicationController
	def create
	if params[:protection].eql?("OK")
	@comment = current_user.comments.new(params[:comment])
	@comment.general = General.find(params[:general])
	if @comment.save
	flash[:notice] = 'Comment was successfully created.'
	redirect_to(@comment.general)
	else
	render :controller => "general", :action => "new"
	end
	else
	# Antispam. Nearly anyone has disabled JS.
	render :text => "Sorry, but you must have your JS enabled. Turn it on and try it again please."
	end
	end
	end
	class AddUserIdToComment < ActiveRecord::Migration
	def self.up
	add_column :comments, :user_id, :integer
	end

	def self.down
	end
	end
	require 'digest/sha1'

	class User < ActiveRecord::Base
	include Authentication
	include Authentication::ByPassword
	include Authentication::ByCookieToken

	has_many :comments

	validates_presence_of :login
	validates_length_of :login, :within => 3..40
	validates_uniqueness_of :login
	validates_format_of :login, :with => Authentication.login_regex, :message => Authentication.bad_login_message

	validates_format_of :name, :with => Authentication.name_regex, :message => Authentication.bad_name_message, :allow_nil => true
	validates_length_of :name, :maximum => 100

	validates_presence_of :email
	validates_length_of :email, :within => 6..100 #r@a.wk
	validates_uniqueness_of :email
	validates_format_of :email, :with => Authentication.email_regex, :message => Authentication.bad_email_message

	# prevents a user from submitting a crafted form that bypasses activation
	# anything else you want your user to change should be added here.
	attr_accessible :login, :email, :name, :password, :password_confirmation, :admin

	# Authenticates a user by their login name and unencrypted password. Returns the user or nil.
	def self.authenticate(login, password)
	return nil if login.blank? \|\| password.blank?
	u = find_by_login(login) # need to get the salt
	u && u.authenticated?(password) ? u : nil
	end

	def login=(value)
	write_attribute :login, (value ? value.downcase : nil)
	end

	def email=(value)
	write_attribute :email, (value ? value.downcase : nil)
	end

	def admin?
	self.admin
	end

	end
	<h6>Add new comment</h6>
	<% form_for @comment do \|f\| %>
	<p>
	<%= label_tag 'title' %>
	<%= f.text_field :title %>
	<p>
	<%= label_tag 'body' %>
	<%= f.text_area :body %>
	</p>
	<%= hidden_field_tag "general", "general", :value => @general.id %>
	<%= hidden_field_tag "protection", "protection" %>
	<%= submit_tag "Comment!" %>
	<% end %>

	<%= link_to 'Edit', edit_general_path(@general) %>
	<%= link_to 'Delete', @general, :confirm => 'Are you sure you want to delete this whole entry?', :method => :delete %>
	<%= link_to 'Back', generals_path %>

	</div>