Rails - Too much logic in views?

I have an application used by several organizations and I want to check that users of one domain (a.domain.com) cannot edit users of another domain (b.domain.com). My question is where to put the logic, in a before filter or in the view?

View:

<% if @user.websites.detect {|website| website.url == request.host} %>
  <%= render :partial => 'form' %>
<% else %>
  <%= render :partial => 'no_access' %>
<% end %>

Or, in the controller:

before_filter :verify_editable_user, :only => ['edit', 'update', 'delete']

protected

# Rendering inside a before_filter halts the chain, so the action itself never runs.
def verify_editable_user
  @user = User.find(params[:id], :include => 'websites')
  unless @user.websites.detect {|website| website.url == request.host}
    render 'no_access'
  end
end

In this scenario, the first version feels cleaner to me. However, the second seems more along the MVC scenario. What do you think? Am I way off base? Thanks in advance.

Best answer

I recommend using the lockdown gem for authorization. (see http://stonean.com/)

The second one is in fact much cleaner.

Answers

A couple other authorization gems to check out would be CanCan and acl9.

You shouldn't place logic in your views. Having logic in the controllers and not in the views will actually make your testing easier...

I would recommend before_filter and acl9. Also using presenters to get code out of your views and into a testable ruby object.
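
What each placement of the check actually enforces, as an added example that is not part of the original question or answers: a plain-Ruby model (no Rails; the class, sample users and return strings are constructed) in which the view-only variant hides the form but leaves `update` unchecked, while the filter variant covers every guarded action.

```ruby
# Plain-Ruby stand-in for a Rails controller; every name and value here is constructed.
Website = Struct.new(:url)
User    = Struct.new(:id, :name, :websites)

def sample_users
  { 1 => User.new(1, 'alice', [Website.new('a.domain.com')]),
    2 => User.new(2, 'bob',   [Website.new('b.domain.com')]) }
end

class UsersController
  GUARDED = %w[edit update delete].freeze # actions listed in the before_filter

  def initialize(host, users, guard_in_controller:)
    @host = host
    @users = users
    @guard_in_controller = guard_in_controller
  end

  # Runs the filter first; a failed filter halts the chain before the action,
  # as rendering inside a Rails before_filter does.
  def process(action, id, attrs = {})
    @user = @users.fetch(id)
    return 'no_access' if @guard_in_controller && GUARDED.include?(action) && !editable?

    case action
    when 'edit'   then edit
    when 'update' then update(attrs)
    else raise ArgumentError, "unknown action #{action}"
    end
  end

  private

  # The host comparison from the question.
  def editable?
    @user.websites.any? { |website| website.url == @host }
  end

  # The view-level check only chooses which partial is displayed.
  def edit
    editable? ? 'form' : 'no_access'
  end

  # No check of its own: it relies entirely on the filter.
  def update(attrs)
    @user.name = attrs.fetch(:name)
    'updated'
  end
end
```

With `guard_in_controller: false`, a request on a.domain.com for the b.domain.com user gets `no_access` from `edit` but still succeeds on `update`; with `true`, both are refused.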




