diff options
| author | Francesco Rodriguez <lrodriguezsanc@gmail.com> | 2012-12-07 19:31:14 -0500 |
|---|---|---|
| committer | Francesco Rodriguez <lrodriguezsanc@gmail.com> | 2012-12-07 19:31:14 -0500 |
| commit | a3c29b70a9ec6696e76ba5a6e5ef856d31b3a427 (patch) | |
| tree | 92871486c940712e65f77e33f4604e4ef54e81a1 | |
| parent | 69163ccae6a49c89e1a62ac94b98222651dd5aa8 (diff) | |
| download | rails-a3c29b70a9ec6696e76ba5a6e5ef856d31b3a427.tar.gz rails-a3c29b70a9ec6696e76ba5a6e5ef856d31b3a427.tar.bz2 rails-a3c29b70a9ec6696e76ba5a6e5ef856d31b3a427.zip | |
use :only instead of :except callback option in the controller template
As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists)
says, it's better to use `before_filter only: []` instead of `except: []`
so we don't forget to turn the filter off for newly added actions.
| -rw-r--r-- | railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb index 5fc4ab8f6c..24d97db407 100644 --- a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb +++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb @@ -4,8 +4,8 @@ require_dependency "<%= namespaced_file_path %>/application_controller" <% end -%> <% module_namespacing do -%> class <%= controller_class_name %>Controller < ApplicationController - before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ] - + before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ] + # GET <%= route_url %> # GET <%= route_url %>.json def index @@ -82,7 +82,6 @@ class <%= controller_class_name %>Controller < ApplicationController end end - private # Use callbacks to share common setup or constraints between actions. def set_<%= singular_table_name %> |