Please check the post "Use scope access" on rails-bestpractices.com, http://rails-bestpractices.com/posts/3-use-scope-access. It tells you how to use Ed's way to restrict access and rescue the exceptions.

On Sep 6, 11:38 am, nobosh <[email protected]> wrote:
> Thanks for the reply, I do have the relationships declared above in
> the models... I've been learning and following the rails 3 book
> here: http://railstutorial.org/chapters/a-demo-app#sec:microposts_resource
>
> I tried your suggestion "@note = @user ?
> @user.notes.find(params[:id]) : nil " and while it didn't error which
> was good, it didn't work, it ended up redirecting... Full code:
>
> class NotesController < ApplicationController
>   before_filter :correct_user, :only => :show
>   .
>   .
>   .
>   def show
>     @note = Note.find(params[:id])
>
>     respond_to do |format|
>       format.html # show.html.erb
>       format.xml  { render :xml => @note }
>     end
>   end
>
>   private
>     def correct_user
>       #...@note = Note.find(params[:id])
>       #...@note_userid = @note.user_id
>       @note = @user ? @user.notes.find(params[:id]) : nil
>       @current_userid = current_user.id
>       redirect_to(root_path) unless @current_userid == @note_userid
>     end
> end
>
> ---
>
> Any ideas? I want to learn the right way to Rails
>
> On Sep 5, 8:26 pm, Ed <[email protected]> wrote:
>
> > On Sep 5, 10:53 pm, nobosh <[email protected]> wrote:
>
> > > Ed thanks for the reply. I'd love to hear more... I tried your
> > > suggestion but it error'd:
>
> > > "undefined method `Notes' for nil:NilClass"
>
> > Two possible issues:
>
> > 1. Do you have the relationship declared in the models?
>
> > class Note < ActiveRecord::Base
> >   belongs_to :user
> > end
>
> > class User < ActiveRecord::Base
> >   has_many :notes
> > end
>
> > 2. If @user is a nil object, it will throw an error. Set @user to
> > the current_user in your before_filter. If there is a possibility of
> > hitting that point with a nil user, then change the line to read
> > something like this:
>
> > @note = @user ? @user.notes.find(params[:id]) : nil
>
> > which is a shorter way of saying
>
> > if @user.nil?
> >   @note = nil
> > else
> >   @note = @user.notes.find(params[:id])
> > end
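
The scoped lookup discussed in this thread, as an added example that is not part of the original messages: it contrasts an unscoped find by id with a find through the current user's notes, rescuing the not-found exception. It runs without Rails, so RecordNotFound, NoteScope, the show_unscoped/show_scoped methods and the status pairs they return are assumed stand-ins for ActiveRecord and controller behaviour.

```ruby
# Plain-Ruby stand-ins (assumptions, not Rails classes): RecordNotFound, Note,
# NoteScope and User model only the lookup behaviour discussed in the thread.
class RecordNotFound < StandardError; end

Note = Struct.new(:id, :user_id, :body)

# Constructed sample data: user 10 owns note 1, user 20 owns note 2.
NOTES = [Note.new(1, 10, "alice's note"), Note.new(2, 20, "bob's note")].freeze

# Stand-in for the relation returned by user.notes (has_many :notes).
class NoteScope
  def initialize(rows)
    @rows = rows
  end

  # Like ActiveRecord's find: raises when the id is not in this set of rows.
  def find(id)
    @rows.find { |n| n.id == id.to_i } || raise(RecordNotFound, "Note #{id}")
  end
end

class Note
  # Unscoped lookup, like Note.find(params[:id]): searches every user's notes.
  def self.find(id)
    NoteScope.new(NOTES).find(id)
  end
end

User = Struct.new(:id) do
  def notes
    NoteScope.new(NOTES.select { |n| n.user_id == id })
  end
end

# Unscoped action: any signed-in user can read any note by changing the id.
def show_unscoped(_current_user, params)
  [200, Note.find(params[:id]).body]
rescue RecordNotFound
  [404, nil]
end

# Scoped action: the lookup goes through the current user's notes, and the
# exception is rescued, so someone else's note looks the same as a missing one.
def show_scoped(current_user, params)
  return [401, nil] if current_user.nil? # assumed handling of a nil user
  [200, current_user.notes.find(params[:id]).body]
rescue RecordNotFound
  [404, nil]
end
```

In a Rails controller the same shape is a find through current_user.notes with a rescue of ActiveRecord::RecordNotFound that renders a 404 or redirects.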

