team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Convert file indentation to spaces

Browse Source
This commit is contained in:
James Espinosa
2014-07-05 20:17:27 -05:00
parent 68e6a01743
commit 7e4fad462b
88 changed files with 2915 additions and 2999 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/views/layouts/tutorial/url_access/_url_access_first.html.erb
+37 -37
View File
@@ -31,15 +31,15 @@
<div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
<div class="accordion-inner">
<p class="desc">
Rails provides the ability to apply before_filter(s) which run prior to rendering content to the user. This is helpful when restricting access to content based on the user's role. Currently, the methods to apply a before_filter already exist in the application controller but were forgotten when creating the administrative functionality. Notice an asbsence of the before_filter within app/controllers/admin_controller.rb
</p>
<pre class="ruby">
<%= %q{
class AdminController < ApplicationController
Rails provides the ability to apply before_filter(s) which run prior to rendering content to the user. This is helpful when restricting access to content based on the user's role. Currently, the methods to apply a before_filter already exist in the application controller but were forgotten when creating the administrative functionality. Notice an asbsence of the before_filter within app/controllers/admin_controller.rb
</p>
<pre class="ruby">
<%= %q{
class AdminController < ApplicationController
skip_before_filter :has_info
} %>
</pre>
skip_before_filter :has_info
} %>
</pre>
</div>
</div>
@@ -55,40 +55,40 @@
<div class="accordion-body collapse" id="collapseThree" style="height: 0px;">
<div class="accordion-inner">
<p><b>Failure to Restrict URL Access - ATTACK</b></p>
<p class="desc">
Request the following URL /admin/1/dashboard and have fun :-)
</p>
<p><b>Failure to Restrict URL Access - SOLUTION</b></p>
<p class="desc">
The code is already available to restrict access to the admin controller by role within app/controllers/application_controller.rb:
</p>
<pre class="ruby">
helper_method :current_user, <span style="background-color:yellow">:is_admin?</span>
<p class="desc">
Request the following URL /admin/1/dashboard and have fun :-)
</p>
<p><b>Failure to Restrict URL Access - SOLUTION</b></p>
<p class="desc">
The code is already available to restrict access to the admin controller by role within app/controllers/application_controller.rb:
</p>
<pre class="ruby">
helper_method :current_user, <span style="background-color:yellow">:is_admin?</span>
def is_admin?
current_user.admin if current_user
end
def is_admin?
current_user.admin if current_user
end
def administrative
if not is_admin?
reset_session
redirect_to root_url
end
end
</pre>
<p>
Then add the following line within app/controllers/admin_controller.rb
</p>
<pre class="ruby">
class AdminController < ApplicationController
def administrative
if not is_admin?
reset_session
redirect_to root_url
end
end
</pre>
<p>
Then add the following line within app/controllers/admin_controller.rb
</p>
<pre class="ruby">
class AdminController < ApplicationController
<span style="background-color:yellow">before_filter :administrative</span>
skip_before_filter :has_info
</pre>
<span style="background-color:yellow">before_filter :administrative</span>
skip_before_filter :has_info
</pre>
</div>
</div>
</div>
<div class="accordion-group">
<div class="accordion-group">
<div class="accordion-heading">
<a style="background-color: rgb(181, 121, 158)" href="#collapseFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
<i class="icon-aid icon-white">
@@ -102,6 +102,6 @@
</div>
</div>
</div>
</div>
</div>
</div>
</div>