Is this good practice for security issues?

Time: 2015-08-07 02:36:32

Tags: ruby-on-rails ruby-on-rails-3 ruby-on-rails-4

I use this to restrict entry to views that users should not be able to enter (the methods new, edit and destroy):

    def new
      # Only a signed-in user whose role is 'admin' may reach the form.
      if user_signed_in? && current_user.role == 'admin'
        @carroceria = Carroceria.new
        render 'new'
      else
        # Everyone else gets the static 404 page (status 404, no layout).
        render file: "#{Rails.root}/public/404.html", layout: false, status: 404
      end
    end

    def edit
      # Same role check as in new; the 'new' template is reused for editing.
      # @carroceria is expected to be loaded by a before_action (not shown here).
      if user_signed_in? && current_user.role == 'admin'
        render 'new'
      else
        render file: "#{Rails.root}/public/404.html", layout: false, status: 404
      end
    end

And the destroy method:

    def destroy
      # @carroceria is expected to be loaded by a before_action (not shown here).
      if user_signed_in? && current_user.role == 'admin'
        @carroceria.destroy
        respond_to do |format|
          format.html { redirect_to carrocerias_url, notice: 'Carroceria was successfully destroyed.' }
          format.json { head :no_content }
        end
      else
        render file: "#{Rails.root}/public/404.html", layout: false, status: 404
      end
    end

Best regards, guys.
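
The pattern in the question repeats the same `user_signed_in? && current_user.role == 'admin'` test inside each action. The usual caveat with that approach is that the check has to be remembered in every action that matters, and the actions that actually write data (`create` and `update`) are the ones most easily forgotten, because gating only `new` and `edit` does not stop a client from sending the POST or PATCH request directly. The following is an added example, not code from the original post, showing the same rule expressed once as a `before_action` covering every write action. Rails is not loaded, so a small stand-in for the controller callback mechanism (`MiniController`, an assumption made here so the block runs offline) imitates the relevant behaviour: a `before_action` that renders halts the chain and the action never runs.

```ruby
# Added example (not from the original post): centralised admin check.
# MiniController is a hypothetical stand-in for the parts of
# ActionController (before_action, render) and Devise (user_signed_in?,
# current_user) that the pattern relies on; it exists only so the
# authorization logic can be exercised without a Rails application.

User = Struct.new(:role)

class MiniController
  # Register a callback, optionally restricted to a list of actions.
  def self.before_action(method_name, only: nil)
    (@before_actions ||= []) << [method_name, only]
  end

  def self.before_actions
    @before_actions || []
  end

  attr_reader :current_user, :rendered

  def initialize(current_user)
    @current_user = current_user
    @rendered = nil
  end

  def user_signed_in?
    !current_user.nil?
  end

  # Run the applicable callbacks; if one of them renders, stop there and
  # never invoke the action (this mirrors Rails' halting behaviour).
  def process(action)
    self.class.before_actions.each do |name, only|
      next if only && !only.include?(action)
      send(name)
      return rendered if rendered
    end
    send(action)
    rendered
  end

  def render(what)
    @rendered = what
  end
end

class CarroceriasController < MiniController
  # Every action that creates, changes or removes a record is listed here,
  # including create and update, which a per-action copy of the check can
  # easily miss. index stays public.
  ADMIN_ONLY = %i[new create edit update destroy].freeze

  before_action :require_admin, only: ADMIN_ONLY

  def index;   render(:index_ok);  end
  def new;     render(:new_form);  end
  def create;  render(:created);   end
  def edit;    render(:new_form);  end
  def update;  render(:updated);   end
  def destroy; render(:destroyed); end

  private

  # Same decision as the original code: signed in and role == 'admin',
  # otherwise respond 404 so nothing about the page is revealed.
  def require_admin
    return if user_signed_in? && current_user.role == "admin"

    render(status: 404)
  end
end

# Convenience entry point: dispatch one action for a given user (nil = anonymous).
def dispatch(user, action)
  CarroceriasController.new(user).process(action)
end
```

Calling `dispatch(User.new("admin"), :destroy)` yields `:destroyed`, while `dispatch(User.new("member"), :destroy)` and `dispatch(nil, :create)` both stop at the callback with `{ status: 404 }`; `dispatch(nil, :index)` still reaches the public action. In a real Rails controller the same idea is `before_action :require_admin, only: [...]` with the original `render file: ..., status: 404` inside `require_admin`.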

0 answers:

No answers