kotovalexarian-likes-github
/
rails--rails
mirror of https://github.com/rails/rails.git
1
0
Fork 0
Code Releases Activity

use :only instead of :except callback option in the controller template 

As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists)
says, it's better to use `before_filter only: []` instead of `except: []`
so we don't forget to turn the filter off for newly added actions.
This commit is contained in:
Francesco Rodriguez 2012-12-07 19:31:14 -05:00
parent 69163ccae6
commit a3c29b70a9
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
View File

@ -4,8 +4,8 @@ require_dependency "<%= namespaced_file_path %>/application_controller"
<% end -%>
<% module_namespacing do -%>
class <%= controller_class_name %>Controller < ApplicationController
before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ]
before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ]
# GET <%= route_url %>
# GET <%= route_url %>.json
def index
@ -82,7 +82,6 @@ class <%= controller_class_name %>Controller < ApplicationController
end
end
private
# Use callbacks to share common setup or constraints between actions.
def set_<%= singular_table_name %>