Hi,
I am looking for a clean and secure way for an ActiveRecord instance to
delete itself. Say I have a User model in my app. Then the destructive
action would be /users/user_id/destroy. If this action is not secured by
a filter like:
(*) before_filter :check_administrator_role, :only => :destroy
then any user could potentially log in and start issuing:
/users/1/destroy
/users/2/destroy
.
.
.
/users/n/destroy
But I want to give a User the possibility to delete [him|her]self.
Currently the only way I can think of is this:
1) Remove the filter (*)
2) Re-code the destroy method so:
def destroy
  @user = User.find(params[:id])
  if logged_in_user == @user or
    logged_in_user.has_role?('administrator')
    if @user.destroy
      flash[:notice] = "User deleted"
    else
      flash[:error] = "There was a problem deleting this user."
    end
    redirect_to :action => 'index'
  end
end
But, is this the best way to do it?
Thanks in advance,
Vahagn
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Sorry, the code should have been:
def destroy
  @user = User.find(params[:id])
  if @user == logged_in_user or
    logged_in_user.has_role?('administrator')
    if @user.destroy
      flash[:notice] = "User deleted"
    else
      flash[:error] = "There was a problem deleting this user."
    end
    redirect_to :action => 'index'
  end
end
/ V.
I don't see anything wrong with this. I'd only resort to a filter if it was going to be used by multiple actions.

On Feb 25, 11:02 am, Vahagn Hayrapetyan <rails-mailing-l...@andreas-s.net> wrote:
> Sorry, the code should have been:
>
> def destroy
>   @user = User.find(params[:id])
>   if @user == logged_in_user or
>     logged_in_user.has_role?('administrator')
>     if @user.destroy
>       flash[:notice] = "User deleted"
>     else
>       flash[:error] = "There was a problem deleting this user."
>     end
>     redirect_to :action => 'index'
>   end
> end
>
> / V.
Yeah - good point Jeff.

/ V.

Jeff Emminger wrote:
> I don't see anything wrong with this. I'd only resort to a filter if
> it was going to be used by multiple actions.
>
> On Feb 25, 11:02 am, Vahagn Hayrapetyan <rails-mailing-l...@andreas-
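The "self or administrator" rule from Vahagn's destroy action, written here as an added example (not code from the thread) in plain Ruby so the rule can be unit-tested without Rails; User, UserStore and destroy_user are constructed stand-ins for the model, User.find/destroy and the controller action. It differs from the thread's code in one way: every outcome is explicit, so a request for someone else's id gets a :forbidden result instead of silently falling through to the redirect.

```ruby
User = Struct.new(:id, :name, :roles) do
  # Role check as used by the thread's has_role?('administrator') call.
  def has_role?(role)
    roles.include?(role)
  end
end

# The authorization rule itself: a user may destroy their own account, an
# administrator may destroy any account. Deny when either side is missing.
def can_destroy?(actor, target)
  return false if actor.nil? || target.nil?
  actor.id == target.id || actor.has_role?('administrator')
end

# Constructed in-memory stand-in for User.find and @user.destroy.
class UserStore
  def initialize(users)
    @users = users.each_with_object({}) { |u, h| h[u.id] = u }
  end

  def find(id)
    @users[id]
  end

  # True when a row was actually removed, like a successful ActiveRecord destroy.
  def destroy(id)
    !@users.delete(id).nil?
  end

  def size
    @users.size
  end
end

# Stand-in for the controller action. Deny-by-default: every path returns an
# explicit outcome (:not_found, :forbidden, :deleted, :delete_failed), so a
# request for someone else's id can never reach the delete unnoticed.
def destroy_user(store, logged_in_user, id)
  target = store.find(id)
  return :not_found if target.nil?
  return :forbidden unless can_destroy?(logged_in_user, target)
  store.destroy(id) ? :deleted : :delete_failed
end
```

In a controller the :forbidden outcome would map to a 403 response (and a log line), the :not_found outcome to a 404.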