protect actions for show, edit
Posted in Forums : Ask a Rails expert
Authority 0
Posting Rating 0
Sign in to rate this post
|
Hello buddies! I’m wondering which is the best and th emopst practical way to hide these actions, or simply to forbide user entering e.q. aplication/cv/edit/22 and to edit every cv or to view any cv. I’m using UUID’s for authorization. When a user register, he got his uuid to his mail, and with the right uuid as parameter in link I show his cv. Any suggestions? |
Authority 12
Posting Rating 98
Sign in to rate this post
|
Take a look at this plugin: http://github.com/DocSavage/rails-authorization-plugin/tree/master/authorization |
|
Authority 75
Posting Rating 94
Sign in to rate this post
|
If you somehow state that User.has_many :cvs, you can do current_user.cvs.find(params[:id]). That way, you’ll get a 404 (ActiveRecord::RecordNotFound) if the cv in question is not in the current_user.cvs list. |
Other Recent Topics
Ask a Rails expert : nested resources errors array
Ask a Rails expert : Read more link
Ask a Rails expert : What the View and Controller code would be?
Ask a Rails expert : Properly creating ActiveRecord related "subclasses"...?
Ask a Rails expert : Working with named_scopes
Ask a Rails expert : active_scaffold in Rails 2.2.2
Ask a Rails expert : Creating nice url's
Ask a Rails expert : Inflector::titleize(column.humanize)
Ask a Rails expert : rails/info/properties
Ask a Rails expert : attachment_fu display image
