On Sat, Jun 13, 2009 at 7:05 PM, Älphä Blüë<[email protected]> wrote: > > Maurício Linhares wrote: >> Yes, this is very bad, if there's no "edit", "update" or "destroy" in >> your controller Rails will just send a 404 back to the browser, it >> won't do anything like letting your user do something you haven't >> programmed yourself. > > So, how do you block these specific actions? > > Do I have to force those specific actions to the index? > > For instance, anyone that types http://mydomain.com/rushing_offenses/new > > .. can access the new template .. > > I shouldn't have to edit the new.html.erb file to empty it out to fix > this.. > > I just don't understand how this type of routing is supposed to be > handled for cases where I simply don't want "anyone" accessing those > items.. >
Read about before_filters and how you can deny access to actions for unauthorized users. You should definitely get a Rails book and read it instead of just trying to force you way with the framework and the language. Will avoid most of the common questions you're having. The best one around now is this -> http://www.pragprog.com/titles/rails3/agile-web-development-with-rails-third-edition > Also, if a user clicks on a link beyond the controller parameter: > > http://mydomain.com/rushing_offenses/goo (for instance) the following > error is returned on my screen: > > ActiveRecord::RecordNotFound in Rushing offensesController#show > > I don't want errors like this to show for anyone. Is this just a > development error response and not one that shows up in production? > That's not the error the user will see in production. For this specific error the page under public/500.html will be shown, this is a development message only. - Maurício Linhares http://codeshooter.wordpress.com/ | http://twitter.com/mauriciojr --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
