my question is maybe silly.... but it's already July 4th .. and I am
tired..
until now I have been using in my tests the following routes
(simplified version)
map.resources :academies do |academies|
academies.resources :ecourses
academies.resources :instructors
academies.resources :trainees
end
so I get the URL type : /academies/1/libraries from
academy_libraries_path(current_user.academy)
the current_user being defined , and he is always logged into one
academy when working ( current_user.academy)
I wonder is it possible to replace academy_id in the URL with a
string 'CURRENT' ? and have :
/academies/CURRENT/libraries (then nobody could hack the academy)
or is it better to keep the REST URL type and perform a security check
(permit ) in the controller ??
thanks
on 2009-07-04 00:13
on 2009-07-05 00:14
You may also want to look at the :shallow option to map.resources - it does pretty much what you're looking for. --Matt Jones
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.