[Nitro] Security problems

George Moschovitis george.moschovitis at gmail.com
Fri Nov 11 06:51:32 EST 2005


> Project.with_scope(:condition => "user='gmosx'") do
>   projects = Project.all # returns projects of gmosx
>   project = Project[id] # only returns if the id project belobgs to gmosx
>   ...
> end

or alternatively (0.25.0 again):

projects = User[uid].projects.find(...)
instead of
projects = Project.find(..)

or even (0.25.0):

projects = Project.find_by_XXXX_and_user(..., 'gmosx')

-g.



--
http://www.gmosx.com
http://www.navel.gr
http://www.nitrohq.com




More information about the Nitro-general mailing list