DoubleRender Question: who can answer?

Joe Peck wrote the following on 03.04.2007 19:37 :


In my application controller, I have a function like this:

  def is_owner_or_admin(user_id)
    # `cur_user.id` is assumed here: the original read `&& != Integer(user_id)`, a syntax error
    if cur_user.role != "Admin" && cur_user.id != Integer(user_id)
      flash[:error] = "Access denied"
      # `return` only leaves this helper; the calling action keeps executing
      redirect_to(:controller => :users, :action => :account) and return
    end
  end

I call it in my users controller like so:
  def show
    @user = User.find_by_id(params[:id])
    unless @user
      flash[:error] = "User not found"
      redirect_to :action => :account
    end
    # remainder of the action (including the is_owner_or_admin call) omitted in the original message
  end

If @user ends up being nil, however, then I get a DoubleRender error.
My question is, what can I put in "is_owner_or_admin" that will redirect
and not complete the "show" action?

I ended up throwing a SecurityError instead of redirecting; it makes things
more DRY: I catch the exception and do what I want with it.

In your ApplicationController :

    # 1/ save the original exception handling
    alias_method :rescue_action_without_security_error, :rescue_action

    # 2/ handle the SecurityError case
    def rescue_action(exception)
        return rescue_action_without_security_error(exception) unless exception.is_a?(SecurityError)
        logger.warn("Security violation: #{exception.message}")  # log the attempt
        reset_session                                             # destroy the session
        render :file => "#{RAILS_ROOT}/public/403.html", :status => 403
    end

My personal choice, as demonstrated above, is to:
- log the hacking attempt,
- destroy the session,
- render a default 403 page with the corresponding HTTP Response code.
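The following is an added example, not code from the thread or from Rails. It is a small stand-in for the controller pieces the discussion relies on (a render/redirect tracker with a double-render check, and a `rescue_action` hook), so the two strategies can be run side by side without Rails: a helper that calls `redirect_to ... and return` only returns from the helper, so the action continues and renders a second time, whereas raising `SecurityError` unwinds the whole action and lands in the 403 handler that logs the attempt and resets the session. Every class and method name here (`FakeController`, `process`, `owner_or_admin!`, and so on) is an assumption made for the illustration.

```ruby
# Added example (not from the original thread). Minimal models of the Rails
# behaviour under discussion; all names below are assumptions for illustration.

class DoubleRenderError < StandardError; end

User = Struct.new(:id, :role)

class FakeController
  attr_reader :cur_user, :status, :session_cleared, :log

  def initialize(cur_user, params)
    @cur_user = cur_user
    @params = params
    @performed = nil        # what was rendered or redirected, like Rails' performed?
    @status = 200
    @session_cleared = false
    @log = []
  end

  # Mimics the check ActionController performs before rendering again.
  def render(what, status = 200)
    raise DoubleRenderError, "already rendered #{@performed.inspect}" if @performed
    @performed = what
    @status = status
  end

  def redirect_to(target)
    render([:redirect, target], 302)
  end

  def reset_session
    @session_cleared = true
  end

  # Stand-in for the rescue_action hook: a SecurityError becomes a logged 403
  # with the session destroyed; anything else is passed on unchanged.
  def rescue_action(exception)
    raise exception unless exception.is_a?(SecurityError)
    @log << "security: #{exception.message} (user #{cur_user.id})"
    reset_session
    render([:file, "public/403.html"], 403)
  end

  # Runs an action and routes any exception through rescue_action.
  # Note the rescue of Exception: SecurityError inherits from Exception
  # directly, so a `rescue StandardError` would never see it.
  def process(action)
    send(action)
    @performed
  rescue Exception => e
    rescue_action(e)
    @performed
  end

  # --- Strategy 1: redirect inside the helper and `return` ---
  def owner_or_admin_redirect(user_id)
    if cur_user.role != "Admin" && cur_user.id != Integer(user_id)
      redirect_to(:account) and return   # returns from this helper only
    end
  end

  def show_with_redirect
    owner_or_admin_redirect(@params[:id])
    @user = nil                          # simulate "user not found"
    redirect_to(:account) unless @user   # second redirect -> DoubleRenderError
  end

  # --- Strategy 2: raise SecurityError and let rescue_action handle it ---
  def owner_or_admin!(user_id)
    if cur_user.role != "Admin" && cur_user.id != Integer(user_id)
      raise SecurityError, "user #{cur_user.id} requested user #{user_id}"
    end
  end

  def show_with_raise
    owner_or_admin!(@params[:id])        # unwinds the action when forbidden
    @user = nil
    redirect_to(:account) unless @user   # only reached for permitted requests
  end
end
```

Running `FakeController.new(User.new(7, "Member"), { id: "3" }).process(:show_with_redirect)` raises `DoubleRenderError`, while the same request through `:show_with_raise` returns the 403 page with the session cleared and one log entry; an owner or admin requesting their own id gets the normal redirect in both cases.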