Rails - Too much logic in views?
I have an application used by several organizations and I want to check that users of one domain (a.domain.com) cannot edit users of another domain (b.domain.com). My question is where to put the logic, in a before filter or in the view?
View:
    <% if @user.websites.detect {|website| website.url == request.host} %>
      <%= render :partial => 'form' %>
    <% else %>
      <%= render :partial => 'no_access' %>
    <% end %>
Or, in the controller:
    before_filter :verify_editable_user, :only => ['edit', 'update', 'delete']

    protected

    # Renders 'no_access' (which halts the action) unless the user
    # belongs to a website whose URL matches the current request host.
    def verify_editable_user
      @user = User.find(params[:id], :include => 'websites')
      unless @user.websites.detect {|website| website.url == request.host}
        render 'no_access'
      end
    end
In this scenario, the first version feels cleaner to me. However, the second seems more along the MVC scenario. What do you think? Am I way off base? Thanks in advance.
I recommend using the lockdown gem for authorization. (see http://stonean.com/)
The second one is in fact much cleaner.
A couple other authorization gems to check out would be CanCan and acl9.
You shouldn't place logic in your views. Having logic in the controllers and not in the views will actually make your testing easier...
I would recommend before_filter and acl9. Also using presenters to get code out of your views and into a testable Ruby object.
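Added example, not from any of the posters above: a plain-Ruby model (no Rails) of the controller-side check, showing that a guard run before `edit`, `update` and `delete` also covers the two actions that never render the form view. `Website`, `User`, `USERS` and this `UsersController` are constructed for illustration, and `@host` stands in for `request.host`.

```ruby
# Constructed sample data: two users, each tied to one organization's host.
Website = Struct.new(:url)
User    = Struct.new(:id, :name, :websites)

USERS = {
  1 => User.new(1, "alice", [Website.new("a.domain.com")]),
  2 => User.new(2, "bob",   [Website.new("b.domain.com")])
}

class UsersController
  ACTIONS = [:edit, :update, :delete].freeze # the actions named in the before_filter

  def initialize(host)
    @host = host # stands in for request.host
  end

  # The guard runs before every listed action and halts the chain on failure.
  def process(action, params)
    return [404, "not_found"] unless ACTIONS.include?(action)
    return [403, "no_access"] unless verify_editable_user(params[:id])
    send(action, params)
  end

  private

  # Fails closed: an unknown user or no website on this host means no access.
  def verify_editable_user(id)
    @user = USERS[id]
    !@user.nil? && @user.websites.any? { |website| website.url == @host }
  end

  def edit(_params)
    [200, "form for #{@user.name}"]
  end

  def update(params)
    @user.name = params[:name]
    [200, "updated"]
  end

  def delete(_params)
    [200, "deleted #{@user.name}"]
  end
end
```

A check that lives only in the edit template decides which partial is shown; `update` and `delete` are separate requests and need the same check in the controller.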