I am trying to build a CMS using ERB. Is there a way you can give ERB code read-only access to your models? For instance, I want to be able to load any information on my models (Model.all, Model.find_by_slug, Model.find_by_name, Model.other_model.name, etc.), but I don't want to be able to change this data. Can you disable ERB from executing commands that would make database changes (Model.save, Model.update, Model.delete, Model.destroy, etc.)?
Give this a shot: http://www.liquidmarkup.org/
There is safemode by Rails core developer Sven Fuchs to make your ERB, well, safer.
A template engine like liquid (which is painful in my eyes) or mustache might be easier to learn and apply for your users than erb.
Try using the :readonly flag when finding models:
@posts = Post.find(:all, :readonly => true)
In case you try to save it, it will throw a ReadOnlyRecord exception. But I'd also suggest Liquid as a templater, since the user's access to application variables inside ERB templates is not restricted.
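To show what the :readonly approach buys you and where it stops, here is an added example (not from any of the answers above, and no Rails or database involved): a constructed Post stand-in, a read-only proxy that forwards reads but raises a ReadOnlyRecord error on save/update/destroy and friends, and an ERB render helper that only exposes the wrapped model. The class and method names are assumptions for the illustration.

```ruby
require 'erb'

# Constructed stand-in for an ActiveRecord model; no database is involved.
class Post
  attr_reader :name, :slug
  def initialize(name, slug); @name, @slug = name, slug; end
  def save;    :saved;     end   # a write we want templates unable to reach
  def destroy; :destroyed; end
  def self.all; [new('Hello', 'hello'), new('Second', 'second')]; end
  def self.find_by_slug(slug); all.find { |p| p.slug == slug }; end
end

# Raised when template code reaches for a mutating method; plays the role of
# ActiveRecord::ReadOnlyRecord mentioned in the answer above.
class ReadOnlyRecord < StandardError; end

# Proxy handed to templates instead of the model: reads are forwarded, writes
# are refused, and anything a read returns is wrapped again so the protection
# holds across associations (e.g. post.author.name) and collections.
class ReadOnlyProxy < BasicObject
  MUTATORS = %i[save save! update update! update_attributes update_attribute
                create create! delete delete_all destroy destroy_all].freeze

  def initialize(target); @__target = target; end
  # Wrap models and arrays of models; plain values pass through unchanged.
  def self.wrap(value)
    case value
    when ::Array then value.map { |v| wrap(v) }
    when ::Numeric, ::String, ::Symbol, ::NilClass, ::TrueClass, ::FalseClass then value
    else new(value)
    end
  end

  def method_missing(name, *args, &blk)
    if MUTATORS.include?(name)
      ::Kernel.raise ::ReadOnlyRecord, "#{name} is not allowed from a template"
    end
    ::ReadOnlyProxy.wrap(@__target.public_send(name, *args, &blk))
  end

  def to_s; @__target.to_s; end
end

# Render an ERB template in a fresh scope whose only instance variable is the
# wrapped model, so the template cannot reach the raw Post class through it.
def render(template, model)
  scope = ::Object.new
  scope.instance_variable_set(:@model, ReadOnlyProxy.wrap(model))
  ERB.new(template).result(scope.instance_eval { binding })
end
```

The proxy only governs what the @model handle can do; ERB still evaluates arbitrary Ruby in the template, which is exactly why the answers above point to Liquid or safemode for untrusted authors.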