On Viernes, 11 de Noviembre de 2011 01:56:27 slava escribió: > Hello, > I want to be able to pass scope param into my embedded scaffold and > wrote this method and put it the controller (should it go into > helper?) > > def beginning_of_chain > scope = params[:scope] ? params[:scope].to_sym : nil > if scope and super.send(scope).class == ActiveRecord::Relation > super.send scope > end > end
You should add else super Or it won't work with params[:scope] is nil > > My question is security related. What would prevent some one to pass > param=delete_all and mess up my database and how can I protect against > this. Change the scope test and use this: super.class.scopes.keys.include? scope > > thank you. -- Sergio Cambra .:: entreCables S.L. ::. Mariana Pineda 23, 50.018 Zaragoza T) 902 021 404 F) 976 52 98 07 E) [email protected] -- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en.
