I have this code
def destroy
@property = Property.find(params[:id])
IsAuthorized?(@property.user_id)
@property.destroy
respond_to do |format|
format.html { redirect_to(properties_url) }
format.xml { head :ok }
end
end
def IsAuthorized?(id)
if current_user.id!= id
flash[:notice] = 'Not authorized '
redirect_to(properties_url)
end
end
If a not authorized user calls destroy it stills calls
@property.destroy.
How can I prevent the destory function from calling @property.destroy
if the user is not authorized?
Adding to the other replies to this, the fundamental problem is that
redirect_to (somewhat non-intuitively) is not like a goto command. It
initiates the redirect and then returns, so that IsAuthorized returns
and the destroy is called whatever happened within IsAuthorized.
I did you suggested but I got this message
Render and/or redirect were called multiple times in this action.
Please note that you may only call render OR redirect, and at most
once per action. Also note that neither redirect nor render terminate
execution of the action, so if you want to exit an action after
redirecting, you need to do something like "redirect_to(...) and
return".
I did you suggested but I got this message
Render and/or redirect were called multiple times in this action.
Please note that you may only call render OR redirect, and at most
once per action. Also note that neither redirect nor render terminate
execution of the action, so if you want to exit an action after
redirecting, you need to do something like "redirect_to(...) and
return".
Please put your replies inline rather than at the top of the message,
then statements such as "I did as you suggested" make sense as they
follow the suggestion made.
Read the other replies on this thread if you have not already done so.
The problem, as explained in the error message above is that
redirect_to is not a goto command but a function call. Execution
returns from there and drops through to the following code and so hits
the respond_to code and redirects again, which is illegal.
