Should a user's home page be invoked by a show action with an id, meaning
/show/id (of the user), when they log into the application? Because it
would be easy for another user to use /show/3 to access another user's
page.
What's the normal procedure when a user logs into your app to get to
his account page?
tyliong wrote:
Should a user's home page be invoked by a show action with an id, meaning
/show/id (of the user), when they log into the application? Because it
would be easy for another user to use /show/3 to access another user's
page.
What's the normal procedure when a user logs into your app to get to
his account page?
It would be very easy, but that is why you do validation checking. For
example, in my controller I not only save a session variable with the
user's id, but I also have a before_filter that checks users.id against
the session[:id] value; if they don't match, the user gets kicked off or
sent back to a login page.
-S
You store the id of the logged-in user in the session.
Then on the personal show page you only use the id
stored in the session to access his/her data.
You can use a singular resource for the user; then
you do not even need to use the id in the URL.
map.resource :user
instead of
map.resources :user
will allow for that.
Then in the controller:
@user = User.find(session[:user_id])
and all data related to the user only through associations (e.g. he has
orders):
@user.orders.each do |order|
  # ...
end
That's roughly how to use Rails to make sure
nobody can access data that's not his own.
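To make the difference between the two approaches in this thread concrete, here is an added example (not code from either poster, and not a Rails app) written in plain Ruby so it runs stand-alone. It models the vulnerable action that trusts the id in the URL, the safe action that takes the id only from the session as the reply above recommends, and a before_filter-style login check as in Shandy's reply. It also generalises the "only through associations" advice to a nested resource (looking up an order through the current user's orders, the equivalent of current_user.orders.find(params[:id])). The class and helper names (AccountController, find_user, orders_for), the error classes and the sample users and orders are all constructed for the example.

```ruby
# Plain-Ruby stand-in for a Rails controller and two ActiveRecord models.
# All names and data below are constructed for this example.
User  = Struct.new(:id, :name)
Order = Struct.new(:id, :user_id, :item)

# Constructed sample data standing in for the database: alice (1) and bob (3).
USERS  = { 1 => User.new(1, "alice"), 3 => User.new(3, "bob") }
ORDERS = [
  Order.new(10, 1, "keyboard"),
  Order.new(11, 3, "monitor"),
  Order.new(12, 3, "cable"),
]

class NotFound < StandardError; end     # plays the role of ActiveRecord::RecordNotFound
class NotLoggedIn < StandardError; end  # plays the role of a redirect to /login

# Stand-ins for User.find(id) and user.orders.
def find_user(id)
  USERS.fetch(Integer(id)) { raise NotFound, "no user #{id}" }
end

def orders_for(user)
  ORDERS.select { |o| o.user_id == user.id }
end

class AccountController
  attr_reader :session, :params

  def initialize(session, params = {})
    @session = session
    @params  = params
  end

  # Equivalent of a before_filter: refuse any request without a logged-in user.
  def require_login
    raise NotLoggedIn, "redirect to /login" unless session[:user_id]
  end

  # Vulnerable (map.resources, /users/show/3): the id comes from the URL, so
  # any logged-in user can read any other user's orders by changing the number.
  def show_by_param
    require_login
    user = find_user(params[:id])
    orders_for(user).map(&:item)
  end

  # Safe (map.resource, /user): the id comes only from the session; whatever
  # the caller puts in the URL is ignored, so there is nothing to tamper with.
  def show_from_session
    require_login
    user = find_user(session[:user_id])
    orders_for(user).map(&:item)
  end

  # Nested resource (/user/orders/11): the order id does come from the URL, but
  # it is resolved only inside the current user's own orders, so an id that
  # belongs to someone else is simply "not found" rather than leaked.
  def show_order
    require_login
    user = find_user(session[:user_id])
    orders_for(user).find { |o| o.id == Integer(params[:id]) } or
      raise NotFound, "order #{params[:id]} not found for user #{user.id}"
  end
end

if __FILE__ == $PROGRAM_NAME
  session = { user_id: 1 }  # alice is logged in, but asks for user 3 (bob)
  p AccountController.new(session, id: "3").show_by_param      # ["monitor", "cable"]: bob's data leaks
  p AccountController.new(session, id: "3").show_from_session  # ["keyboard"]: only alice's own data
end
```

The point of the last action is that scoping through the association does the authorisation check for you: there is no separate "does this order belong to the current user?" comparison to forget, because the query never sees other users' rows at all.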
Thanks, I'll try it out once I have the chance.
On Aug 26, 10:08 pm, Shandy N. [email protected]