Friday, September 2, 2011
On Fri, Sep 2, 2011 at 7:26 PM, 7stud -- <lists@ruby-forum.com> wrote:
My logic in the correct_user() before filter is: why should I have to
search the database for the user:
when I can just compare the id of the user in the session:
user = User.find(params[:id])
to the id in the url:
get_user_from_session.id.to_s
params[:id]
i'm assuming that get_user_from_session returns a User object.
>> get_user_from_session.id.to_s # User with ID = 1
>> User.find('1-user-name') # User with ID = 1
so comparing params[:id] with the User ID converted to string will not always be equal.
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
-------------------------------------------------------------
visit my blog at http://jimlabs.heroku.com
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment