bad solution, rendering or not the link doesnot hide th action, that means with a tool like curl a user can trigger the delete or just writing the link in the browser and changing the method, use an authorization gem , read about cancan,
http://railscasts.com/episodes/192-authorization-with-cancan whe you have is an authorization problem. 2010/9/7 Sebastião Giacheto F. Júnior <[email protected]> > Hi, > I have a simple partial, just a file list. > > The list is exactly the same for those who have permission to change > it, and those who just can see it. > > The best way to keep things DRY, I think, is doing some kind of shared > partial. No problem so far. > > But what about the specific actions (new/edit/delete)? Scattering some > conditional statements seems very very uglier, and even more difficult > to maintain, than separate views. So I came up with another solution: > putting some yield statements on the code. Something like, "yield > :delete" for example. Than I render a partial that contains only the > user specific things, and put the content_for's that are appropriated. > > But I think that can be even a prettier solution. So I'm asking you guys :D > Sorry, if this is a newbie question, I'm new to rails, and concerned > about doing things the best way possible. > > Thanks in advance > -- > Sebastião G. Ferreira Júnior > "How much trust is too much trust? Should you even trust?" > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<rubyonrails-core%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/rubyonrails-core?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en.
