Correcting "scope access" warning from Rails Best Practices

The code in question works, but Rails Best Practices docks me with a
scope
access warning. The code in question is:

def show
# NOTE: rails_best practices recommends using scope access
redirect_to(root_path) unless current_user == User.find(params[:id])
@user = User.find(params[:id])
end

How can I get this code to comply with the scope access standard?

Manage privilege at the model level…

On Tuesday, June 30, 2015 at 1:58:38 PM UTC-4, Jason H., Ruby on High

On Tuesday, June 30, 2015 at 6:58:38 PM UTC+1, Jason H., Ruby on High
Speed Rails wrote:

The code in question works, but Rails Best Practices docks me with a scope
access warning. The code in question is:

def show
# NOTE: rails_best practices recommends using scope access
redirect_to(root_path) unless current_user == User.find(params[:id])
@user = User.find(params[:id])
end

How can I get this code to comply with the scope access standard?

I think you’ve slightly confused it. It’s trying to warn you against
doing

post = Post.find params[:id]
if post.user == current_user

end

Because it’s better to do

current_user.posts.find(params[:id])

Which doesn’t apply in your case because it’s users you are fetching,
not some collection that belongs to a user. I’m not sure why you’re
bothering with the id parameter at all - why not

@user = current_user
?

Fred

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs