Issue: I have an order confirmation page once orders are placed. The route loks like this:
resources :orders do
get 'order_confirmation', :on => :member
end
The link:
example.com/orders/1001/order_confirmation
Instead, I would like to generate a unique link like this:
example.com/orders/1001/order_confirmation/79sa9182-sd9871234123456f
So if someone makes an order for order 1002, they can't go "hey let me see what order 1001 made".
BTW, the order_confirmation is within the OrdersController like this:
def order_confirmation
@order = Order.all.find(params[:id])
end
I do have security with this for users who are signed in with CanCanCan, but I made this order_confirmation page for people who do not create accounts and probably won't ever create an account.
How can I accomplish this so a link like:
example.com/orders/1001/order_confirmation/79sa9182-sd9871234123456f
Is generated for order confirmations, and links like this:
example.com/orders/1001/order_confirmation/
cannot be accessed by anyone, even the purchaser?
I did find this: Protected sharing link in Ruby on Rails
But I am not sure how I would apply this for the order confirmation page since it doesn't have it's own table or model. It's already in the OrdersController
Aucun commentaire:
Enregistrer un commentaire