Adding additional conditions to find_by_id in Rails 3
I'm using Rails 3.2.11 on Mac.
I have this statement, which works fine:
object = Object.find_by_id(params[:id])
I'm trying to add a status to the statement, so I did this:
object = Object.where("id = :id AND level <= :level", {:id => params[:id], :level => current_user.level})
Will there be any risk in this method? Are there alternatives?
There's no risk presented by that statement, provided ActiveRecord continues to uphold its contract of sanitizing input. An alternative is a scope, but that's doing the same thing in a different syntax.
One thing is to set a default scope that defines the level restriction, then use the standard find_by_id. If that's undesirable, utilize the syntax properly:
Object.where(id: params[:id], level: current_user.level)
ruby-on-rails ruby-on-rails-3
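The answer's point about sanitized input, as an added example that is not part of the original question or answer: a simplified pure-Ruby stand-in for named-placeholder binding, applied to the question's condition string and set beside the string-interpolated form. The `quote`, `bind_named` and `interpolated` helpers and the sample values are assumptions made for illustration, not ActiveRecord's own code.

```ruby
# Simplified stand-in for ActiveRecord's placeholder binding (assumption:
# this toy quoting handles only Integer and String; it is not Rails code).
CONDITION = "id = :id AND level <= :level" # the question's condition string

# Quote one value as an SQL literal: integers as-is, strings wrapped in
# single quotes with any embedded single quote doubled.
def quote(value)
  case value
  when Integer then value.to_s
  when String  then "'" + value.gsub("'", "''") + "'"
  else raise ArgumentError, "unsupported bind type: #{value.class}"
  end
end

# Replace each :name placeholder with the quoted value from the binds hash.
def bind_named(sql, binds)
  sql.gsub(/:([a-z_]\w*)/) { quote(binds.fetch($1.to_sym)) }
end

# Unsafe counterpart: request input pasted straight into the SQL text.
def interpolated(id, level)
  "id = #{id} AND level <= #{level}"
end

# Constructed sample request values (not from the original page).
BENIGN_ID  = "42"
CRAFTED_ID = "42 OR 1=1" # input that tries to alter the condition
USER_LEVEL = 2

if __FILE__ == $PROGRAM_NAME
  [BENIGN_ID, CRAFTED_ID].each do |id|
    puts "bound:        " + bind_named(CONDITION, { id: id, level: USER_LEVEL })
    puts "interpolated: " + interpolated(id, USER_LEVEL)
  end
end
```

With binding, the crafted value stays inside one quoted literal and the level restriction still applies; with interpolation it becomes part of the SQL and the restriction no longer guards the row.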