Hi all,
I’m in the process of working through my first Rails app and had a
general security question. For simplicity’s sake, let’s say I’ve got
an Article object with all of the scaffolding-generated files
(article.rb, articles_controller.rb and all of the list/edit/new/etc
views).
For obvious security reasons, I need to make sure all of these views
are only accessible to admins, since they all have links to add/edit/
delete the articles.
I’ve also created two additional views which basically mirror the list
and show views…the only difference being there are no add/edit/
delete links…everything is just read-only. These will be the public-
facing views.
My question is basically, how do I structure my application so that
any view and/or controller action that modifies the database is
password protected, while any “read-only” view that I’ve created is
accessible to the general public?
Thanks in advance for your help!
-Brian