Cleaning up some security checking code

Hi,

Does anyone have any thoughts on a cleaner way to achieve the
following in a controller …

    def show
      if current_user.can_access_organisation(params[:id])
        @organisation = Organisation.find(params[:id])
      end
      respond_to do |format|
        format.html # show.html.erb
        format.xml { render :xml => @organisation }
      end
    end

As you can see I am testing to make sure the current user is able to
access an organisation, however the site breaks when the test is
broken which doesn’t look very nice.

Any ideas much appreciated.

Richie.

You only set @organisation to a value if the user can access the
organization, so sometimes @organisation is nil and you’ll have an
error when trying to access it.

Try something like this to make sure you don’t try to access a nil
value.

    if can access
      @organisation =
      respond_to do |format|
        format.html # show.html.erb
        format.xml { render :xml => @organisation }
      end
    else
      respond_to do |format|
        format.html { redirect_to, or render an error of some sort }
        format.xml { redirect_to, or render an error }
      end
    end

On Oct 14, 3:42pm, Creative Technologist
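
The reply's if/else, written as a guard that runs before the action and denies by default (an added example, not part of the original thread). It uses plain-Ruby stand-ins so it runs without Rails; FakeUser, ORGANISATIONS, process, require_organisation_access and respond are assumed names, and the 403/404 responses are one choice for the reply's "render an error".

```ruby
require 'set'
# Constructed sample data standing in for the organisations table.
ORGANISATIONS = { "1" => "Acme", "2" => "Globex" }.freeze

# Hypothetical user; the method name is from the question, the body is assumed.
class FakeUser
  def initialize(allowed_ids)
    @allowed = allowed_ids.map(&:to_s).to_set
  end

  def can_access_organisation(id)
    @allowed.include?(id.to_s)
  end
end

# Plain-Ruby stand-in for the controller (no Rails required).
class OrganisationsController
  def initialize(current_user, params)
    @current_user = current_user
    @params = params
    @response = nil
  end

  # The guard runs first; the action runs only if the guard did not respond.
  def process(action)
    require_organisation_access
    public_send(action) if @response.nil?
    @response
  end

  def show
    name = ORGANISATIONS[@params[:id].to_s]
    name ? respond(200, name) : respond(404, "Not Found")
  end

  private

  # Deny by default: no user, or anything but an explicit true, ends in 403.
  def require_organisation_access
    allowed = @current_user && @current_user.can_access_organisation(@params[:id])
    respond(403, "Forbidden") unless allowed == true
  end

  # Mirrors the two formats in the question's respond_to block.
  def respond(status, text)
    body = @params[:format] == :xml ? "<message>#{text}</message>" : text
    @response = { status: status, body: body }
  end
end
```

In a Rails controller the same guard would be registered as a before filter and could answer with head :forbidden, so the record is never loaded or rendered for a user who fails the check.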
