The code in question works, but Rails Best Practices docks me with a scope access warning. The code in question is:
def show # NOTE: rails_best practices recommends using scope access redirect_to(root_path) unless current_user == User.find(params[:id]) @user = User.find(params[:id]) end
How can I get this code to comply with the scope access standard?
Manage privilege at the model level…
On Tuesday, June 30, 2015 at 1:58:38 PM UTC-4, Jason Hsu, Ruby on High Speed Rails wrote:
On Tuesday, June 30, 2015 at 6:58:38 PM UTC+1, Jason Hsu, Ruby on High Speed Rails wrote:
The code in question works, but Rails Best Practices docks me with a scope access warning. The code in question is:
def show # NOTE: rails_best practices recommends using scope access redirect_to(root_path) unless current_user == User.find(params[:id]) @user = User.find(params[:id]) end
How can I get this code to comply with the scope access standard?
I think you've slightly confused it. It's trying to warn you against doing
post = Post.find params[:id] if post.user == current_user ... end
Because it's better to do
current_user.posts.find(params[:id])
Which doesn't apply in your case because it's users you are fetching, not some collection that belongs to a user. I'm not sure why you're bothering with the id parameter at all - why not
@user = current_user ?
Fred