Hi all,
I'm in the process of working through my first rails app and had a
general security question. For simplicity's sake, let's say I've got
an Article object with all of the scaffolding-generated files
(article.rb, articles_controller.rb and all of the list/edit/new/etc
views).
For obvious security reasons, I need to make sure all of these views
are only accessible to admins, since they all have links to add/edit/
delete the articles.
I've also created two additional views which basically mirror the list
and show views...the only difference being there are no add/edit/
delete links...everything is just read-only. These will be the public-
facing views.
My question is basically, how do I structure my application so that
any view and/or controller action that modifies the database is
password protected, while any "read-only" view that I've created is
accessible to the general public?
Thanks in advance for your help!
-Brian
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.