Sorry, my controller actions are already restricted based on the user
type (I use authlogic). I'm not restricting anything on the view. It's
not possible to do something as a normal user, even if the links/forms
were there. I just want to render the view differently for each one,
but keeping things more DRY (since the list is almost about the same
for each user) and without ugly conditional statements.

But sorry, I was warned to post this kind of doubt on the other mailing
list: 'rails-talk', not here. Newbie behavior :D
Thanks for the answer.

On Wed, Sep 8, 2010 at 11:54 AM, radhames brito <[email protected]> wrote:
> bad solution, rendering or not the link does not hide the action, that means
> with a tool like curl a user can trigger the delete or just writing the link
> in the browser and changing the method, use an authorization gem, read
> about cancan,
>
> http://railscasts.com/episodes/192-authorization-with-cancan
>
> what you have is an authorization problem.
>
> 2010/9/7 Sebastião Giacheto F. Júnior <[email protected]>
>>
>> Hi,
>> I have a simple partial, just a file list.
>>
>> The list is exactly the same for those who have permission to change
>> it, and those who just can see it.
>>
>> The best way to keep things DRY, I think, is doing some kind of shared
>> partial. No problem so far.
>>
>> But what about the specific actions (new/edit/delete)? Scattering some
>> conditional statements seems much uglier, and even more difficult
>> to maintain, than separate views. So I came up with another solution:
>> putting some yield statements on the code. Something like "yield
>> :delete", for example. Then I render a partial that contains only the
>> user specific things, and put the content_for's that are appropriate.
>>
>> But I think that can be even a prettier solution. So I'm asking you guys
>> :D
>> Sorry, if this is a newbie question, I'm new to rails, and concerned
>> about doing things the best way possible.
>>
>> Thanks in advance
>> --
>> Sebastião G. Ferreira Júnior
>> "How much trust is too much trust? Should you even trust?"
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ruby on Rails: Core" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/rubyonrails-core?hl=en.
>>
>



-- 
Sebastião G. Ferreira Júnior
"How much trust is too much trust? Should you even trust?"
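
Added example, not part of the original thread: a plain-Ruby sketch (no Rails, and not CanCan's or authlogic's API) of the point both messages make, that one permission object can drive the shared list's links while the controller still refuses the action on its own. All class, method and file names here are hypothetical.

```ruby
# Added illustration in plain Ruby; every name below is hypothetical.
User = Struct.new(:name, :role)
FileEntry = Struct.new(:id, :name)

# Single source of truth for permissions, consulted by view and controller.
class Ability
  RULES = { admin: [:read, :create, :update, :destroy], viewer: [:read] }.freeze

  def initialize(user)
    @allowed = RULES.fetch(user.role, [])
  end

  def can?(action)
    @allowed.include?(action)
  end
end

# View: one shared list; action links are shown only as a convenience.
def render_file_list(files, ability)
  files.map do |f|
    links = [:update, :destroy].select { |a| ability.can?(a) }
    ([f.name] + links.map { |a| "[#{a}]" }).join(" ")
  end
end

class AccessDenied < StandardError; end

# Controller: enforcement happens here on every request, whatever was rendered.
class FilesController
  def initialize(files, user)
    @files = files
    @ability = Ability.new(user)
  end

  def destroy(id)
    raise AccessDenied, "destroy not permitted" unless @ability.can?(:destroy)
    @files.reject! { |f| f.id == id }
    :ok
  end
end

# Constructed sample data.
def sample_files
  [FileEntry.new(1, "report.pdf"), FileEntry.new(2, "notes.txt")]
end
```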
