Qs:
Don't understand branches - how do you "push" back to main - I think I need this to deploy to render?
still not passing user tests - but the links work?
Cloudinary .env variables = are they supposed to be string?
Security holes can be solved with:
- Filters: `before_action` and `skip_before_action`. => Authorization in controller
- Redirecting: `redirect_to` and `redirect_back`. => Authorization in controller
- Devise’s `current_user` method.
- Ruby’s `if/else` statements.
- Deleting or limiting routes with `only:` and `except:` after resources.
Steps:
- We ask what routes we actually want and filter them from the `routes.rb` with `except` or `only`.
- For the remaining routes, we ask who is allowed to do what on each route.
git branches:
git checkout -b ec-branch-name
Note: in this project, we implemented deterministic rather than random sample data (have a look at the lib/tasks/dev.rake file). This will make the sample data consistent in your app and the target, allowing you to repeatedly test scenarios as you code.
Step 1: Authorization in controller (only owner can delete own photos)
Step 2: Conditionals in the view templates
used to hide links that aren’t available to a given user. i.e. if a photo is not owned by someone, then they shouldn’t even see the edit or delete links
Step 3: Hiding private users: add conditional on user's show page
(If you had an Admin user, you would usually render two entirely separate view templates (i.e. show) to avoid excessive control flow in a single view.)
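Step 1 (only the owner can delete their own photo) sketched in plain Ruby, as an added example that is not part of the original notes. `MiniController` is a hypothetical stand-in that only mimics how `before_action ... only:` and `redirect_back` stop an action from running; `User`, `Photo`, `PHOTOS` and the filter name `ensure_current_user_is_owner` are assumptions.

```ruby
# Added example: MiniController is a hypothetical stand-in for Rails filters, not Rails.
User   = Struct.new(:id)
Photo  = Struct.new(:id, :owner_id)
PHOTOS = { 1 => Photo.new(1, 10) } # constructed sample data

class MiniController
  attr_reader :current_user # Devise provides current_user in a real app
  def self.filters
    @filters ||= []
  end

  def self.before_action(name, only:)
    filters << [name, only]
  end

  # Run matching filters in order; once one redirects, the action never runs.
  def process(action, current_user, params)
    @current_user, @params, @response = current_user, params, nil
    self.class.filters.each { |name, only| send(name) if @response.nil? && only.include?(action) }
    @response || send(action)
  end

  def redirect_back(fallback_location:, alert:)
    @response = { status: 302, location: fallback_location, alert: alert }
  end
end

class PhotosController < MiniController
  before_action :ensure_current_user_is_owner, only: %i[destroy]

  def show
    { status: 200, photo_id: photo.id }
  end

  def destroy
    PHOTOS.delete(photo.id)
    { status: 303, location: "/photos" }
  end

  private
  def photo
    PHOTOS.fetch(@params[:id])
  end

  def ensure_current_user_is_owner
    return if current_user && current_user.id == photo.owner_id
    redirect_back fallback_location: "/", alert: "You're not authorized for that."
  end
end
```

Hiding the delete link in the view (Step 2) does not replace this check, because the destroy route can still be requested directly.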