So, this is a rail app but actually more of a general ruby question:
I have For example a model with multiple scopes:
Photo. Rent photo photographer. FEATURED My app has a "Browse photo" view where I want to be able to pass the same paragraph and the user should specify that area they want to see , That is:
example.com/photos/browse?view=recent It gives me advice [: view], and let me picture it The method must be attached as a call.
So my first question is how can you do this in Ruby
Secondly, it can be a security risk if I can not stop the input, if I only photograph I am attached. Whatever the user type in the url then I have a risk to the hacker example.com/photos/browse?view=delete_all This is obviously a bad idea. So my second question is, how can I create a whitelist or something - or better method of any kind that can safely accept the URL from the URL and if If the user is requesting a valid nominated radius, then only the information can be returned.
L is unstable, I have some scopes that are only for administrators. I have defined user capabilities (using cancan) so that I authorize a user for anything Whether or not to check that current_user.has_role? can query, but is there a way to associate permissions from a radius? Thank you!
TBH, unless you have too many of these Scopes, I Just make them mapcode the ultimate values to hardcode or lambdas. In the event that you really want to do what you have said, you can do something like this: < Ex> whitelist =% w (recently popularized) if whitelist.include? Edit : Maybe try it [edit]
?
if photo.valid_scope_name? Params [: View] Photo = Pandemic [: View] .to_sym end This is a protected method, so you may have to use it:
If photo.send: valid_scope_name?, Params [: view] photo = photo send parameter [: view] .to_sym end
Comments
Post a Comment