Comments on: Using AR::Associations to limit find() scope

By: timlucas

timlucas — Mon, 03 Jul 2006 03:36:39 +0000

Stevenwulf: Nope, the find is only for database fetches. If you were storing it in memory (in the session for example) then you’d probably be referencing it by position in the line_items array, rather than the record’s id.

For this app I’m creating the order in the database with a state of ‘unfinished’. I store the session id with the order, so when I delete old sessions from the database I also delete their unfinished orders.

By: Stevenwulf

Stevenwulf — Mon, 03 Jul 2006 03:20:39 +0000

What if the order’s lineitem hasn’t been saved and is only in memory. will the find still work?

By: timlucas

timlucas — Mon, 03 Jul 2006 02:32:33 +0000

I forgot to mention there’s also the ScopedAccess and MeantimeFilter plugins which help limiting the scope of database fetches. Only problem with using plugins though is you’re not guaranteed they won’t break on future versions of Rails, and the technique I described is useful elsewhere.

By: timlucas

timlucas — Mon, 03 Jul 2006 00:17:52 +0000

See my note in the last paragraph ;) An example of using the verify macro:


class LineItemsController < ActionController::Base
  verify :method => :post, :only => :destroy
  def destroy
    ..
  end
end

By: wwb_99

wwb_99 — Sun, 02 Jul 2006 13:38:22 +0000

Very good point. Any user input should always be sanity checked.

I would, however, note that one should not be taking actions other than retrieving information using Http GET requests. That should be completely handled using POST. The main reason for this is things like bots can have an interesting effect on things. There was a situation once where google started deleting people’s profile because the delete command was something like “userprofile.php?id=NN&action=delete”