Permalink
Browse files

Merge branch 'master' of github.com:nathanl/authority

  • Loading branch information...
2 parents 6c23712 + 8715b13 commit 17f0bb569de05b3cbc2d757e666541ae3afe6570 Nathan Long committed May 12, 2012
Showing with 7 additions and 1 deletion.
  1. +7 −1 README.markdown
View
@@ -294,8 +294,14 @@ class LlamaController < ApplicationController
def edit
@llama = Llama.find(params[:id])
+ authorize_action_for(@llama) # Check to see if you're allowed to edit this llama. failure == SecurityViolation
+ end
+
+ def update
+ @llama = Llama.find(params[:id])
+ authorize_action_for(@llama) # Check to see if you're allowed to edit this llama.
@llama.attributes = params[:llama] # Don't save the attributes before authorizing
- authorize_action_for(@llama) # failure == SecurityViolation
+ authorize_action_for(@llama) # Check again, to see if the changes are allowed.
if @llama.save?
# etc
end

0 comments on commit 17f0bb5

Please sign in to comment.