will/cancan-attr-test
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README.rdoc

Browse Source
This commit is contained in:
Will Bradley 2013-06-28 01:29:29 -04:00
parent e55b92391f
commit d283d0a237
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.rdoc
View File

@ -6,12 +6,12 @@ To reproduce:
* rails server * rails server
* http://localhost:3000/posts * http://localhost:3000/posts
* Create a new post with a User ID of 5 * Create a new post with a User ID of 5
** Note this is prohibited by cancan * Note this is prohibited by cancan
* Create a new post with a nil User ID * Create a new post with a nil User ID
** Note this is allowed by cancan (you aren't signed in, your user_id is nil) * Note this is allowed by cancan (you aren't signed in, your user_id is nil)
* Edit your post, and set the User ID to 5 * Edit your post, and set the User ID to 5
** Note this succeeds * Note this succeeds
* Edit app/controllers/posts_controller.rb on line 6, uncomment the before_filter line and save * Edit app/controllers/posts_controller.rb on line 6, uncomment the before_filter line and save
* Create a new post with a nil User ID * Create a new post with a nil User ID
** Edit the post and set the User ID to 5 * Edit the post and set the User ID to 5
** Note the problem is now fixed, guest users cannot create or update posts that don't belong to them. * Note the problem is now fixed, guest users cannot create or update posts that don't belong to them.