On 26 April 2010 01:16, Mohammed Alenazi <[email protected]> wrote: > Hi > > I have this code > def destroy > �...@property = Property.find(params[:id]) > IsAuthorized?(@property.user_id) > �[email protected] > > respond_to do |format| > format.html { redirect_to(properties_url) } > format.xml { head :ok } > end > end > > def IsAuthorized?(id) > if current_user.id!= id > flash[:notice] = 'Not authorized ' > redirect_to(properties_url) > end > end > > If a not authorized user calls destroy it stills calls > @property.destroy.
Adding to the other replies to this, the fundamental problem is that redirect_to (somewhat non-intuitively) is not like a goto command. It initiates the redirect and then returns, so that IsAuthorized returns and the destroy is called whatever happened within IsAuthorized. Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

