cancan-attr-test/README.rdoc

== Cancan should automatically protect updates just like it protects create

To reproduce:

* rake db:migrate
* rails server
* http://localhost:3000/posts
* Create a new post with a User ID of 5
  *  Note this is prohibited by cancan
* Create a new post with a nil User ID
  * Note this is allowed by cancan (you aren't signed in, your user_id is nil)
* Edit your post, and set the User ID to 5
  * Note this succeeds
* Edit app/controllers/posts_controller.rb on line 6, uncomment the before_filter line and save
* Create a new post with a nil User ID
  * Edit the post and set the User ID to 5
  * Note the problem is now fixed, guest users cannot create or update posts that don't belong to them.
Update readme 2013-06-28 05:27:08 +00:00			`== Cancan should automatically protect updates just like it protects create`

			`To reproduce:`

			`* rake db:migrate`
			`* rails server`
			`* http://localhost:3000/posts`
			`* Create a new post with a User ID of 5`
Update README.rdoc 2013-06-28 05:29:29 +00:00			`* Note this is prohibited by cancan`
Update readme 2013-06-28 05:27:08 +00:00			`* Create a new post with a nil User ID`
Update README.rdoc 2013-06-28 05:29:29 +00:00			`* Note this is allowed by cancan (you aren't signed in, your user_id is nil)`
Update readme 2013-06-28 05:27:08 +00:00			`* Edit your post, and set the User ID to 5`
Update README.rdoc 2013-06-28 05:29:29 +00:00			`* Note this succeeds`
Update readme 2013-06-28 05:27:08 +00:00			`* Edit app/controllers/posts_controller.rb on line 6, uncomment the before_filter line and save`
			`* Create a new post with a nil User ID`
Update README.rdoc 2013-06-28 05:29:29 +00:00			`* Edit the post and set the User ID to 5`
			`* Note the problem is now fixed, guest users cannot create or update posts that don't belong to them.`