Closed natacha-beck closed 4 months ago
Check legitimate access for
For point 3 of my previous comment, there is an excellent example already in the controllers, e.g. in userfiles_controller for the action manage_compression:

    userfiles = Userfile
      .find_all_accessible_by_user(current_user, :access_requested => :write)
      .where(:id => file_ids)

except you'll have to change the access_requested to :read
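An added example, not part of the thread or of CBRAIN's code: a plain-Ruby version of the pattern the comment points to, where the submitted ids are narrowed against the set the current user can access at the requested level. The `FileRec`/`User` structs, the access rule, the sample data, and refusing the whole request when an id drops out are assumptions made for illustration.

```ruby
# Added illustration; not CBRAIN code. The access rule below is a
# constructed stand-in for Userfile.find_all_accessible_by_user.
require "set"

FileRec = Struct.new(:id, :owner, :group, :group_writable)
User    = Struct.new(:name, :groups)

# Constructed sample data.
FILES = [
  FileRec.new(1, "alice", "lab_a", false),
  FileRec.new(2, "bob",   "lab_a", false),
  FileRec.new(3, "bob",   "lab_b", true),
  FileRec.new(4, "carol", "lab_c", false),
]

# Hypothetical rule: owners can read and write; group members can read,
# and can write only when the file is group-writable.
def accessible_by_user(user, access_requested)
  FILES.select do |f|
    next true if f.owner == user.name
    next false unless user.groups.include?(f.group)
    access_requested == :read || f.group_writable
  end
end

class AccessDenied < StandardError; end

# Controller-side check: start from the user's accessible set, then narrow
# to the submitted ids. Any id that drops out of the result was not
# legitimately accessible, so the whole request is refused.
def files_for_request(user, file_ids, access_requested)
  wanted  = file_ids.map { |i| Integer(i) }.to_set
  found   = accessible_by_user(user, access_requested)
              .select { |f| wanted.include?(f.id) }
  missing = wanted - found.map(&:id)
  unless missing.empty?
    raise AccessDenied, "no #{access_requested} access to ids #{missing.to_a.sort}"
  end
  found
end
```

Comparing the ids returned with the ids submitted is what turns a silently shorter result into an explicit refusal.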
Looks good to me. Before I merge, I want to discuss if this action is really a 'bourreau' action, or if it would be more appropriate in a different controller. We are selecting files to be copied to a data provider, so maybe it's a userfile action, or a data provider action?
Rejected. The role of a controller action is to make sure all parameters are valid for the current session!