logaling

[logaling-commit] logaling/logaling-server [master] Check user id before creating user glossary

SUZUKI Miho null+****@clear*****
Mon Sep 10 11:36:47 JST 2012

• Previous message: [logaling-commit] logaling/logaling-server [enable-creating-user-glossary] Check user id before creating user glossary
• Next message: [logaling-commit] logaling/logaling-server [enable-creating-user-glossary] Change parameter string to integer
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SUZUKI Miho	2012-09-10 11:36:47 +0900 (Mon, 10 Sep 2012)

  New Revision: 2e9a51c7586534c3d49863caf574631f214570ea
  https://github.com/logaling/logaling-server/commit/2e9a51c7586534c3d49863caf574631f214570ea

  Merged c5d082c: Merge pull request #13 from logaling/enable-creating-user-glossary

  Log:
    Check user id before creating user glossary

  Modified files:
    app/controllers/user_glossaries_controller.rb
    app/views/dashboard/show.html.haml

  Modified: app/controllers/user_glossaries_controller.rb (+9 -1)
===================================================================
--- app/controllers/user_glossaries_controller.rb    2012-09-07 18:23:17 +0900 (de08f6b)
+++ app/controllers/user_glossaries_controller.rb    2012-09-10 11:36:47 +0900 (4f6bc6b)
@@ -1,5 +1,7 @@
+#coding: utf-8
 class UserGlossariesController < ApplicationController
   before_filter :set_user
+  before_filter :valid_user?, :only => [:new, :create]
   before_filter :set_user_glossary, :only => :create
 
   # GET /user_glossaries/1
@@ -21,7 +23,6 @@ class UserGlossariesController < ApplicationController
   # POST /user_glossaries
   # POST /user_glossaries.json
   def create
-    #TODO: check user_id
     if @user_glossary.create
       respond_to do |format|
         if @user_glossary.save
@@ -43,4 +44,11 @@ class UserGlossariesController < ApplicationController
   def set_user_glossary
     @user_glossary =****@user*****_glossaries.build(params[:user_glossary])
   end
+
+  def valid_user?
+    if****@user***** != params[:user_id]
+      flash[:notice] = "不正なアクセスです"
+      redirect_to :controller => :dashboard, :action => :show
+    end
+  end
 end

  Modified: app/views/dashboard/show.html.haml (+2 -0)
===================================================================
--- app/views/dashboard/show.html.haml    2012-09-07 18:23:17 +0900 (0013540)
+++ app/views/dashboard/show.html.haml    2012-09-10 11:36:47 +0900 (8e70a98)
@@ -1,2 +1,4 @@
+%p#notice= notice
+
 .well
   %p= link_to "Create user glossary", new_user_glossary_path(:user_id => current_user)
-------------- next part --------------
An HTML attachment was scrubbed...
Download 

• Previous message: [logaling-commit] logaling/logaling-server [enable-creating-user-glossary] Check user id before creating user glossary
• Next message: [logaling-commit] logaling/logaling-server [enable-creating-user-glossary] Change parameter string to integer
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]