Ensure that the controller's request is valid?

Developer https://www.devze.com 2023-03-11 04:53 Source: Internet

In my app, I have [for example] three controllers: groups, forums, and discussions.

In my discussions_controller.rb:

def index
  @group = Group.find(params[:group_id])
  @forum = Forum.find(params[:forum_id])
  @discussions = @forum.discussions
  ...
end

So, for example, the URL /groups/1/forums/1/discussions renders the same page as /groups/2/forums/discussions. Does this mean that in my controllers I'll have to append something like if @group.forums.to_a.include?(@forum)? This seems messy and non-rails. I guess I could also create a private method like:

def has_forum
  deny_access unless @group.forums.to_a.include?(@forum)
end

But this would involve code duplication... so is there something really simple I'm missing?

Thanks


Assuming you meant that /groups/1/forums/1/discussions renders the same contents as /groups/2/forums/1/discussions (i.e. specifying the forum_id in both urls) then you could try the following:

def index
  @group = Group.find(params[:group_id])
  @forum = @group.forums.find(params[:forum_id])
  @discussions = @forum.discussions
  ...
end

That should throw an ActiveRecord::RecordNotFound if you try and access a forum for the wrong group. You should, however, deny access if the user is not part of the group.
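
The difference between the two lookups, shown as an added example that is not part of the original answer. It uses plain-Ruby stand-ins instead of Rails; `Scope`, `AccessDenied`, `outcome`, the method names and the sample data are assumptions made for illustration.

```ruby
# Plain-Ruby stand-ins for the ActiveRecord models (constructed data, no Rails needed).
class RecordNotFound < StandardError; end  # stands in for ActiveRecord::RecordNotFound
class AccessDenied < StandardError; end    # hypothetical; a real app would map it to a 403

# Mimics a relation: find only searches the rows inside this scope.
class Scope
  def initialize(rows)
    @rows = rows
  end

  def find(id)
    @rows.find { |r| r.id == id.to_i } || raise(RecordNotFound, "id=#{id} not in scope")
  end
end

Forum = Struct.new(:id, :group_id, :discussions)
Group = Struct.new(:id, :member_ids) do
  # Like @group.forums: only the forums that belong to this group.
  def forums
    Scope.new(FORUMS.select { |f| f.group_id == id })
  end
end

FORUMS = [Forum.new(1, 1, ["welcome"]), Forum.new(2, 2, ["board-only"])]
GROUPS = [Group.new(1, [10]), Group.new(2, [20])]

# The question's index: both ids are looked up independently of each other.
def unscoped_index(params)
  Scope.new(GROUPS).find(params[:group_id])
  Scope.new(FORUMS).find(params[:forum_id]).discussions
end

# The answer's index plus the membership check it recommends.
# Membership is checked first, so a non-member learns nothing about forum ids.
def scoped_index(params, user_id)
  group = Scope.new(GROUPS).find(params[:group_id])
  raise AccessDenied unless group.member_ids.include?(user_id)
  group.forums.find(params[:forum_id]).discussions
end

# Collapses the two failure modes into symbols so they are easy to compare.
def outcome
  yield
rescue RecordNotFound then :not_found
rescue AccessDenied then :denied
end
```

In a Rails controller the same two steps would typically sit in one `before_action` shared by every action, which addresses the duplication concern raised in the question.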
