In your show method:
@photo = User.find(params[:user_id]).albums.find(params[:album_id]).photos.find(params[:id])
On Jan 7, 2008 10:36 AM, knb
<kylebanker-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> What is the standard method of ensuring that the IDs in a nested route
> are consistent with one another?
>
>
> Suppose my RESTful rails app uses the following route:
>
> users/5/albums/2/photos/7
>
> A GET request to this route will trigger the 'show' action for a
> photo. Now, this action only needs the final id of 7 to render the
> photo, which means that
>
> users/20/albums/20/photos/7
>
> will render the same photo from the same album. This is sloppy and
> potentially insecure.
>
> The most obvious solution would be to check that these IDs are
> consistent in some kind of before_filter, and then redirect if they're
> not.
>
> I'm just wondering if there's some standard, clever way of doing
> this. A best practice, perhaps? How do developers handle this?
>
> Thanks
>
>
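An added example, not part of either post: the unscoped lookup from the question next to the association-chained lookup from the reply. `Scope`, the Struct models, the sample rows and `status_for` are constructed in-memory stand-ins for ActiveRecord, assumed only for illustration. In a real app a failed scoped `find` raises `ActiveRecord::RecordNotFound`, which Rails renders as a 404.

```ruby
class NotFound < StandardError; end

# Stand-in for an association collection: find only sees rows in its own scope.
class Scope
  def initialize(rows)
    @rows = rows
  end

  def find(id)
    @rows.find { |r| r.id == Integer(id) } ||
      raise(NotFound, "no record with id=#{id} in this scope")
  end
end

Photo = Struct.new(:id, :album_id)
Album = Struct.new(:id, :user_id) do
  def photos
    Scope.new(PHOTOS.select { |p| p.album_id == id })
  end
end
User = Struct.new(:id) do
  def albums
    Scope.new(ALBUMS.select { |a| a.user_id == id })
  end
end

# Constructed sample data: photo 7 lives in album 2, which belongs to user 5.
USERS  = [User.new(5), User.new(20)]
ALBUMS = [Album.new(2, 5), Album.new(20, 20)]
PHOTOS = [Photo.new(7, 2)]

# Unscoped: only params[:id] is consulted, so any parent IDs in the URL "work".
def show_unscoped(params)
  Scope.new(PHOTOS).find(params[:id])
end

# Scoped: each find is limited to the children of the record found before it.
def show_scoped(params)
  Scope.new(USERS).find(params[:user_id])
       .albums.find(params[:album_id])
       .photos.find(params[:id])
end

# Controller-style wrapper: an inconsistent URL becomes a 404, not a render.
def status_for(params)
  show_scoped(params)
  200
rescue NotFound
  404
end
```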