On 26 April 2010 01:16, Mohammed Alenazi <[email protected]> wrote:
> Hi
>
> I have this code
>  def destroy
>   �...@property = Property.find(params[:id])
>   IsAuthorized?(@property.user_id)
>   �[email protected]
>
>    respond_to do |format|
>      format.html { redirect_to(properties_url) }
>      format.xml  { head :ok }
>    end
>  end
>
>  def IsAuthorized?(id)
>    if current_user.id!= id
>      flash[:notice] = 'Not authorized '
>      redirect_to(properties_url)
>    end
>   end
>
> If a not authorized user calls destroy it stills calls
> @property.destroy.

Adding to the other replies to this, the fundamental problem is that
redirect_to (somewhat non-intuitively) is not like a goto command.  It
initiates the redirect and then returns, so that IsAuthorized returns
and the destroy is called whatever happened within IsAuthorized.

Colin

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en.

Reply via email to