will/cancan-attr-test
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2 Commits 1 Branch 0 Tags 69 KiB
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Will Bradley e55b92391f Update readme
2013-06-28 01:27:08 -04:00
app
Update readme
2013-06-28 01:27:08 -04:00
config
Initial commit
2013-06-28 01:22:16 -04:00
db
Initial commit
2013-06-28 01:22:16 -04:00
doc
Initial commit
2013-06-28 01:22:16 -04:00
lib
Initial commit
2013-06-28 01:22:16 -04:00
log
Initial commit
2013-06-28 01:22:16 -04:00
public
Initial commit
2013-06-28 01:22:16 -04:00
script
Initial commit
2013-06-28 01:22:16 -04:00
test
Initial commit
2013-06-28 01:22:16 -04:00
vendor
Initial commit
2013-06-28 01:22:16 -04:00
.gitignore
Initial commit
2013-06-28 01:22:16 -04:00
config.ru
Initial commit
2013-06-28 01:22:16 -04:00
Gemfile
Initial commit
2013-06-28 01:22:16 -04:00
Gemfile.lock
Initial commit
2013-06-28 01:22:16 -04:00
Rakefile
Initial commit
2013-06-28 01:22:16 -04:00
README.rdoc
Update readme
2013-06-28 01:27:08 -04:00

README.rdoc 

== Cancan should automatically protect updates just like it protects create

To reproduce:

* rake db:migrate
* rails server
* http://localhost:3000/posts
* Create a new post with a User ID of 5
** Note this is prohibited by cancan
* Create a new post with a nil User ID
** Note this is allowed by cancan (you aren't signed in, your user_id is nil)
* Edit your post, and set the User ID to 5
** Note this succeeds
* Edit app/controllers/posts_controller.rb on line 6, uncomment the before_filter line and save
* Create a new post with a nil User ID
** Edit the post and set the User ID to 5
** Note the problem is now fixed, guest users cannot create or update posts that don't belong to them.
Description
No description provided
Readme
Languages
Ruby 74%
HTML 20.6%
SCSS 2.5%
JavaScript 1.3%
CSS 1.1%
Other 0.5%