Revision 7cb05aa9
Added by Dominic Cleal about 10 years ago
| app/controllers/api/base_controller.rb | ||
|---|---|---|
|
resource_identifying_attributes.each do |key|
|
||
|
find_method = "find_by_#{key}"
|
||
|
model = md[1].classify.constantize
|
||
|
controller = "#{md[1].pluralize}_#{controller_name}"
|
||
|
controller = md[1].pluralize
|
||
|
authorized_scope = model.authorized("#{action_permission}_#{controller}")
|
||
|
@nested_obj ||= authorized_scope.send(find_method, params[param])
|
||
|
end
|
||
Also available in: Unified diff
fixes #5612 - use correct permissions for authz in parameters API