#130 new
Alexey Ilyichev

Named scopes on a model are available by default to search

Reported by Alexey Ilyichev | November 3rd, 2010 @ 06:50 AM

Hi.

Lets say I have a model MyModel, and I have a named scope on it, called my_scope. Then if I submit a param my_scope in the search request, I can trigger MyModel.my_scope. By default all named scopes available on a model can be accessed through MyModel.search. I find this insecure.

How about making them unavailable by default and making a method like:

searchable_scope :my_scope
to make it available?

I can try to make a patch if you agree its a good idea.

No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Provides common named scopes and object based searching.

People watching this ticket

Pages