use :only instead of :except callback option in the controller template

As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists)
says, it's better to use `before_filter only: []` instead of `except: []`
so we don't forget to turn the filter off for newly added actions.
1 parent 69163cc commit a3c29b70a9ec6696e76ba5a6e5ef856d31b3a427 Francesco Rodriguez committed Dec 8, 2012
Showing with 2 additions and 3 deletions.
  1. +2 −3 railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
@@ -4,8 +4,8 @@
<% end -%>
<% module_namespacing do -%>
class <%= controller_class_name %>Controller < ApplicationController
- before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ]
-
+ before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ]
+
# GET <%= route_url %>
# GET <%= route_url %>.json
def index
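Review bot: The `only:` list on the `before_action` line now has to be maintained by hand whenever an action that needs `@<%= singular_table_name %>` is added; the upside, as the commit message explains, is that a newly added action no longer inherits the record lookup by default and must opt in explicitly. Since this is generator output, every scaffolded controller inherits that property, so it is worth stating in the template comment above the callback (the `# Use callbacks to share common setup...` line in the second hunk) that new actions needing the record must be added to `only:`. Also, the diff removes and re-adds the blank line after the callback (`-` / `+` with no content), which is a no-op and can be dropped from the patch to keep it minimal.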
@@ -82,7 +82,6 @@ def destroy
end
end
-
private
# Use callbacks to share common setup or constraints between actions.
def set_<%= singular_table_name %>
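Review bot: Removing the blank line between the closing `end` of `destroy` and `private` is a cosmetic change that is not mentioned in the commit message and, because this is a template, alters the whitespace of every generated controller; either keep the blank line so `private` stays visually separated from the action methods, or note the formatting change in the commit message so it is not mistaken for an accidental edit.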