Alex
Reputation: 2076
Rails: optimizing a controller action (security checking)
I have an action in a controller that looks like this:
def show
@project = current_customer.projects.where(id: params[:project_id]).first
if @project
@feature = @project.features.where(id: params[:feature_id]).first
if @feature
@conversation = @feature.conversations.where(id: params[:id]).first
unless @conversation
head 401
end
else
head 401
end
else
head 401
end
end
The problem is the repetition of head 401. Is there a better way to write this action ?
Upvotes: 1
Views: 100
Answers (2)
NotGrm
Reputation: 111
Maybe you can refactor in your project model with something like this
Model Project
...
def get_conversation
feature = features.where(id: params[:feature_id]).first
conversation = feature.conversations.where(id: params[:id]).first if feature
end
And in your Controller
Controller ProjectController
def show
@project = current_customer.projects.where(id: params[:project_id]).first
@conversation = @project.get_conversation
head 401 unless @conversation
end
Upvotes: 1
Baldrick
Reputation: 24340
I would write it like this
def show
@project = current_customer.projects.where(id: params[:project_id]).first
@feature = @project.features.where(id: params[:feature_id]).first if @project
@conversation = @feature.conversations.where(id: params[:id]).first if @feature
# error managment
head 401 unless @conversation
end
Upvotes: 3
Related Questions
- Rails controller: authenticating only for certain actions
- Best way to add controller actions in protected method
- How to secure Ruby on Rail CRUD actions?
- Rails: How to prevent unauthorized access of controller update action
- When to add method to application_controller.rb
- Ruby on Rails: The same check in multiple actions in a controller
- Best way to do permissions checks in controllers.
- Rails security validations in controller?
- Advice on Rails sanitize() in the view or how secure is my code
- Mixing security logic with models in Ruby on Rails?