作为新手ROR开发者,我一直在想办法保护某些方法,以确保正确的用户更新他们自己的内容。这是我的方法的一个例子。保护方法的好习惯
你会推荐一个更清洁的方式或更好的方式来完成这样的任务吗?
# Example Controller
class Owner::PropertiesController < Owner::BaseController
def index
end
etc.....
def update
@property = Property.find(params[:id])
# Check correct owner
check_owner(:owner_id => @property.owner_id)
if @property.update_attributes(params[:property])
redirect_to([:owner, @property], :notice => 'Property was successfully updated.')
else
render :action => "edit"
end
end
def destroy
@property = Property.find(params[:id])
# Check correct owner
check_owner(:owner_id => @property.owner_id)
@property.destroy
redirect_to(owner_properties_url)
end
private
def check_owner p = {}
if p[:owner_id] != session[:owner_id]
redirect_to([:owner, @property], :notice => "Property not found.")
end
end
感谢您的所有评论。我更喜欢保持干燥,这很好。我不想因为拥有许多宝石而混乱,所以只需使用并通过过滤器传递属性就是完美的。 TY – Lee 2011-03-02 00:48:46