Hi,
This is a piece of code found in a fictional Rails controller and model.
Please point out any bugs or security problems in the code, fix them,
and refactor the code to make it cleaner.
class ProfileController < ApplicationController
  def show
    @user = User.find(:first, :conditions => "name = '#{params[:name]}'")
    @roles = Role.find(:all, :conditions => "user_id = #{@user.id}")
  end
end
I think your association between User and Role is as follows:
User has many roles
Role has many users
For this you may be using the model association as:
class User < ActiveRecord::Base
  has_many :users_roles
  has_many :roles, :through => :users_roles
end

class Role < ActiveRecord::Base
  has_many :users_roles
  has_many :users, :through => :users_roles
end
From this, the ProfileController can be written as:
class ProfileController < ApplicationController
  def show
    @user = User.find(:first, :conditions => ["name = ?", params[:name]])
    @roles = @user.roles
  end
end
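To make the difference between the two controllers concrete, here is an added example that is not code from the thread or from Rails. It contrasts the string-interpolated condition of the original ProfileController#show with the ["name = ?", value] placeholder form used in the reply, and runs a small check on the resulting SQL fragments. The quote_sql helper is a stand-in that mimics how ActiveRecord quotes a bound string (single quotes doubled); it is not the real ActiveRecord implementation, and the well_formed_literals? check is a simple heuristic written for this example.

```ruby
# Added example, not code from the thread: contrasts the string-interpolated
# condition of the original ProfileController#show with the ["name = ?", value]
# placeholder form used in the reply. quote_sql is a stand-in that mimics how
# ActiveRecord quotes a bound string (single quotes doubled); it is not the real
# ActiveRecord implementation.

# Original approach: the request parameter is dropped straight into the SQL text.
def interpolated_condition(name)
  "name = '#{name}'"
end

# Quote a Ruby value as a SQL literal the way a placeholder binder would.
def quote_sql(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'#{value.to_s.gsub("'", "''")}'"
  end
end

# Placeholder approach: each "?" in the template is replaced by one quoted
# value. The template is split first so that a "?" inside a bound value can
# never be mistaken for another placeholder.
def bound_condition(template, *values)
  parts = template.split("?", -1)
  expected = parts.size - 1
  unless expected == values.size
    raise ArgumentError, "expected #{expected} bind values, got #{values.size}"
  end
  sql = +""
  parts.each_with_index do |part, i|
    sql << part
    sql << quote_sql(values[i]) if i < values.size
  end
  sql
end

# Simple check: after stripping every properly closed single-quoted literal
# ('' counts as an escaped quote), no stray quote may remain. A stray quote
# means the input broke out of the string literal, which is exactly the
# condition SQL injection relies on.
def well_formed_literals?(sql)
  !sql.gsub(/'(?:[^']|'')*'/, "").include?("'")
end

if __FILE__ == $0
  name = "O'Brien" # constructed sample input containing a single quote
  [interpolated_condition(name), bound_condition("name = ?", name)].each do |sql|
    puts "#{sql.ljust(24)} -> literals well formed: #{well_formed_literals?(sql)}"
  end
end
```

With the constructed name O'Brien, the interpolated form produces name = 'O'Brien', where the quote in the input ends the literal early and the rest of the input becomes SQL; the bound form produces name = 'O''Brien', which stays a single literal. In a real Rails application none of this helper code is needed: passing the array form (or a hash such as :conditions => { :name => params[:name] }) lets ActiveRecord do the quoting, which is the point of the fix above.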
Thanks a lot to Neethu Satheesh.
Can you help me once again to answer the following:
What problems can arise when a user hits the get_pdf action?
If there are problems, how can they be solved?
class PdfController < ApplicationController
  def get_pdf
    send_data Pdf.create(params[:contents])
  end
end

class Pdf
  def self.create(contents)
    make_pdf(contents) # takes 30 seconds to run
  end
end
Thanks Neethu Satheesh, no need to answer the above question; I have solved that problem.