use :only instead of :except callback option in the controller template

As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists) says, it's better to use `before_filter only: []` instead of `except: []` so we don't forget to turn the filter off for newly added actions.
rails · Dec 8, 2012 · a3c29b7 · a3c29b7
1 parent 69163cc
commit a3c29b7
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
@@ -4,8 +4,8 @@
 <% end -%>
 <% module_namespacing do -%>
 class <%= controller_class_name %>Controller < ApplicationController
-  before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ]
-  
+  before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ]
+
   # GET <%= route_url %>
   # GET <%= route_url %>.json
   def index
@@ -82,7 +82,6 @@ def destroy
     end
   end
 
-
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_<%= singular_table_name %>