SUZUKI Miho
null+****@clear*****
Mon Sep 10 11:36:47 JST 2012
SUZUKI Miho 2012-09-10 11:36:47 +0900 (Mon, 10 Sep 2012)
New Revision: 2e9a51c7586534c3d49863caf574631f214570ea
https://github.com/logaling/logaling-server/commit/2e9a51c7586534c3d49863caf574631f214570ea
Log: Check user id before creating user glossary
Modified files:
app/controllers/user_glossaries_controller.rb
app/views/dashboard/show.html.haml
Modified: app/controllers/user_glossaries_controller.rb (+9 -1)
===================================================================
--- app/controllers/user_glossaries_controller.rb 2012-09-07 18:23:17 +0900 (de08f6b)
+++ app/controllers/user_glossaries_controller.rb 2012-09-10 11:36:47 +0900 (4f6bc6b)
@@ -1,5 +1,7 @@
+#coding: utf-8
 class UserGlossariesController < ApplicationController
   before_filter :set_user
+  before_filter :valid_user?, :only => [:new, :create]
   before_filter :set_user_glossary, :only => :create
 
   # GET /user_glossaries/1
@@ -21,7 +23,6 @@ class UserGlossariesController < ApplicationController
   # POST /user_glossaries
   # POST /user_glossaries.json
   def create
-    #TODO: check user_id
     if @user_glossary.create
       respond_to do |format|
         if @user_glossary.save
@@ -43,4 +44,11 @@ class UserGlossariesController < ApplicationController
   def set_user_glossary
     @user_glossary =****@user*****_glossaries.build(params[:user_glossary])
   end
+
+  def valid_user?
+    if****@user***** != params[:user_id]
+      flash[:notice] = "不正なアクセスです"
+      redirect_to :controller => :dashboard, :action => :show
+    end
+  end
 end
Modified: app/views/dashboard/show.html.haml (+2 -0)
===================================================================
--- app/views/dashboard/show.html.haml 2012-09-07 18:23:17 +0900 (0013540)
+++ app/views/dashboard/show.html.haml 2012-09-10 11:36:47 +0900 (8e70a98)
@@ -1,2 +1,4 @@
+%p#notice= notice
+
 .well
   %p= link_to "Create user glossary", new_user_glossary_path(:user_id => current_user)
-------------- next part --------------
An HTML attachment was scrubbed...
Download
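Review bot: The guard added in `valid_user?` (third hunk) compares the request's own `params[:user_id]` against `@user`, which is loaded by `set_user` outside this hunk; if `set_user` looks the user up from that same parameter (the view builds the link with `new_user_glossary_path(:user_id => current_user)`, so the id does come from the URL), the two values always agree and a forged id is never rejected — the comparison should be against the authenticated user, e.g. `if @user != current_user`. Independently, if the redacted left-hand side is `@user.id`, an Integer never `==` the String in `params[:user_id]`, so the filter would redirect every request even for the owner; comparing records (or `current_user.id.to_s`) avoids that. A before_filter that redirects is also misleadingly named with a `?` suffix, which readers expect to be a side-effect-free predicate — `require_owner` or `check_user` describes it better. How `@user` is assigned cannot be seen here, so the first point needs confirming against `set_user`.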