Rails - Jun 2010 - "show" action - restrict manual url change from user to view

This is "show" action in my "category controller".

   #---- Show ---
  def show
    # @category=Category.find(params[:category_id])
     @category=Category.find(params[:category_id])
  end

"show" action - restrict manual url change from user to view the
inactive records. "
Active/inactive are set via status column in category table.
where status=''A''

since the url shows up in the url bar, the user can simply type in a
different category_id and view the record, even if status =
''I''
but, i don''t want the user to modify the url and view the category
where
status <> ''A''
In short, the users get to view only status=''A''

How do i do this for show action? (since this accepts a param)
I made the change for list action and list is working fine and shows
only where status=''A''. List doesn''t accept any params
such as
"category_id" so it was ok.

but this show accepts a param which is category_id.

let me know how i could get the result of showing only actives and none
other statuses, directly from the url or via show action.

thanks,
radha.

(i have tried by best to communicate.. but let me know if any is not
clear. i will re-iterate)

thanks
-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On 29 June 2010 03:36, RailsFan Radha
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
>
> This is "show" action in my "category controller".
>
>   #---- Show ---
>  def show
>    # @category=Category.find(params[:category_id])
>     @category=Category.find(params[:category_id])
>  end
>
> "show" action - restrict manual url change from user to view the
> inactive records. "
> Active/inactive are set via status column in category table.
> where status=''A''
>
> since the url shows up in the url bar, the user can simply type in a
> different category_id and view the record, even if status =
''I''
> but, i don''t want the user to modify the url and view the category
where
> status <> ''A''
> In short, the users get to view only status=''A''
>
> How do i do this for show action? (since this accepts a param)
> I made the change for list action and list is working fine and shows
> only where status=''A''. List doesn''t accept any
params such as
> "category_id" so it was ok.
>
> but this show accepts a param which is category_id.
>
> let me know how i could get the result of showing only actives and none
> other statuses, directly from the url or via show action.
Add a condition to the find call so that it only finds active
categories.  If the id does not match a valid category then it will
return nil.

Colin
>
> thanks,
> radha.
>
> (i have tried by best to communicate.. but let me know if any is not
> clear. i will re-iterate)
>
> thanks
> --
> Posted via http://www.ruby-forum.com/.
>
> --
> You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
> To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
> To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Jun 28, 10:36 pm, RailsFan Radha
<li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
> This is "show" action in my "category controller".
>
>    #---- Show ---
>   def show
>     # @category=Category.find(params[:category_id])
>      @category=Category.find(params[:category_id])
>   end
>
> "show" action - restrict manual url change from user to view the
> inactive records. "
> Active/inactive are set via status column in category table.
> where status=''A''
>
> since the url shows up in the url bar, the user can simply type in a
> different category_id and view the record, even if status =
''I''
> but, i don''t want the user to modify the url and view the category
where
> status <> ''A''
> In short, the users get to view only status=''A''
>
If you''re doing this a lot, you should add it as a scope to the
Category model:

class Category < ActiveRecord::Base
  named_scope :active, :conditions => { :status => ''A'' }
end

Then your controller action could be:

def show
  @category = Category.active.find(params[:category_id])
end

which will throw a RecordNotFound if the supplied ID isn''t also
active.

BTW, the use of :category_id in the above sample is odd - if you''re in
CategoriesController and have the standard routing, (/categories/:id)
the parameter will be named :id. :category_id would be used if, for
instance, you had a nested route to a Post model:

/categories/:category_id/posts
/categories/:category_id/posts/new

etc.

--Matt Jones

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Thanks Matt.


I see a lot of named_scope question.
I have just started with rails and have created a few paages manually 
without scaffolding, but producing the same results.
That is where i stand with rails.

I am not clear on the named_scope.
Sorry for this silly question.
What is this named_scope. You have provided a very good example, but 
still..
I''m sure all gurus are aware of it, i see it recommended by several
ppl.

 thanks in advance.

radha

Matt Jones wrote:
> On Jun 28, 10:36�pm, RailsFan Radha
<li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>> Active/inactive are set via status column in category table.
>> where status=''A''
>>
>> since the url shows up in the url bar, the user can simply type in a
>> different category_id and view the record, even if status =
''I''
>> but, i don''t want the user to modify the url and view the
category where
>> status <> ''A''
>> In short, the users get to view only status=''A''
>>
> 
> If you''re doing this a lot, you should add it as a scope to the
> Category model:
> 
> class Category < ActiveRecord::Base
>   named_scope :active, :conditions => { :status =>
''A'' }
> end
> 
> Then your controller action could be:
> 
> def show
>   @category = Category.active.find(params[:category_id])
> end
> 
> which will throw a RecordNotFound if the supplied ID isn''t also
> active.
> 
> BTW, the use of :category_id in the above sample is odd - if
you''re in
> CategoriesController and have the standard routing, (/categories/:id)
> the parameter will be named :id. :category_id would be used if, for
> instance, you had a nested route to a Post model:
> 
> /categories/:category_id/posts
> /categories/:category_id/posts/new
> 
> etc.
> 
> --Matt Jones
-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On 9 July 2010 03:35, RailsFan Radha
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org>
wrote:
> Thanks Matt.
>
>
> I see a lot of named_scope question.
> I have just started with rails and have created a few paages manually
> without scaffolding, but producing the same results.
> That is where i stand with rails.
>
> I am not clear on the named_scope.
> Sorry for this silly question.
> What is this named_scope. You have provided a very good example, but
> still..
Try googling for named_scope.  It will provide many useful links.
Did you not think of that yourself?  Google is generally much quicker
than waiting for a response on the list ( 5 seconds vs 7 hours in this
case).

Colin

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Of course, i google and get into tutorials and books on rails.
This one i just to want to get some inputs from experts as i am in my 
learning curve to get into rails.

thanks again for all ur help in this forum. It helps who are in the 
learning curve.

thanks,

thanks again,
radha.

Colin Law wrote:
> On 9 July 2010 03:35, RailsFan Radha
<lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
>> What is this named_scope. You have provided a very good example, but
>> still..
> 
> Try googling for named_scope.  It will provide many useful links.
> Did you not think of that yourself?  Google is generally much quicker
> than waiting for a response on the list ( 5 seconds vs 7 hours in this
> case).
> 
> Colin
-- 
Posted via http://www.ruby-forum.com/.

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.