use :only instead of :except callback option in the controller template
As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists) says, it's better to use `before_filter only: []` instead of `except: []` so we don't forget to turn the filter off for newly added actions.
This commit is contained in:
parent
69163ccae6
commit
a3c29b70a9
|
@ -4,8 +4,8 @@ require_dependency "<%= namespaced_file_path %>/application_controller"
|
|||
<% end -%>
|
||||
<% module_namespacing do -%>
|
||||
class <%= controller_class_name %>Controller < ApplicationController
|
||||
before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ]
|
||||
|
||||
before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ]
|
||||
|
||||
# GET <%= route_url %>
|
||||
# GET <%= route_url %>.json
|
||||
def index
|
||||
|
@ -82,7 +82,6 @@ class <%= controller_class_name %>Controller < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
private
|
||||
# Use callbacks to share common setup or constraints between actions.
|
||||
def set_<%= singular_table_name %>
|
||||
|
|
Loading…
Reference in New Issue