Correcting "scope access" warning from Rails Best Practices

Jason Hsu, Ruby on High Speed Rails

Jun 30, 2015, 1:58:38 PM
to rubyonra...@googlegroups.com
The code in question works, but Rails Best Practices docks me with a scope access warning.  The code in question is:

  def show
    # NOTE: rails_best practices recommends using scope access
    redirect_to(root_path) unless current_user == User.find(params[:id])
    @user = User.find(params[:id])
  end

How can I get this code to comply with the scope access standard?

Elizabeth McGurty

Jun 30, 2015, 3:43:35 PM
to rubyonra...@googlegroups.com
Manage privilege at the model level...

Frederick Cheung

Jun 30, 2015, 3:49:43 PM
to rubyonra...@googlegroups.com, jhsu8...@gmail.com
I think you've slightly confused it. It's trying to warn you against doing

post = Post.find params[:id]
if post.user == current_user
...
end

Because it's better to do

current_user.posts.find(params[:id])

Which doesn't apply in your case because it's users you are fetching, not some collection that belongs to a user. I'm not sure why you're bothering with the id parameter at all - why not

@user = current_user
?

Fred
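
The scoped lookup described in the last reply, as an added example that is not part of the original thread. Plain-Ruby stand-ins (hypothetical `find_post` and `find_owned_post`, constructed data) replace ActiveRecord so it runs without Rails; it shows that an action which omits the owner comparison returns another user's record, while the scoped lookup treats a foreign id like a missing one.

```ruby
# Added example; Post, User, POSTS and the helper names are hypothetical stand-ins.
class RecordNotFound < StandardError; end

Post = Struct.new(:id, :user_id, :title)
User = Struct.new(:id, :name)

# Constructed sample data: two users, one post each.
ALICE = User.new(10, "alice")
POSTS = [Post.new(1, 10, "alice draft"), Post.new(2, 20, "bob draft")].freeze

# Stand-in for Post.find(id): any existing id resolves, whoever owns it.
def find_post(id)
  POSTS.find { |p| p.id == id.to_i } or raise RecordNotFound, "Post #{id}"
end

# Stand-in for current_user.posts.find(id): ownership is part of the lookup.
def find_owned_post(user, id)
  POSTS.find { |p| p.user_id == user.id && p.id == id.to_i } or
    raise RecordNotFound, "Post #{id}"
end

# Pattern the warning targets: fetch first, compare the owner afterwards.
def show_unscoped(current_user, params)
  post = find_post(params[:id])
  return :redirect unless post.user_id == current_user.id
  post
end

# A later action written without the comparison: the foreign record is returned.
def edit_unscoped_forgotten(_current_user, params)
  find_post(params[:id])
end

# Scoped version: there is no separate check to forget.
def show_scoped(current_user, params)
  find_owned_post(current_user, params[:id])
rescue RecordNotFound
  :not_found
end
```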