Although it wasn't a real security concern because we were only calling a `find` method based on the user input, it's a good practice to avoid using constants based on user parameters. Since we don't use the `find` method anymore but we still need to check the associated record exists, we're changing the `followable` validation in the `Follow` model to do exactly that.
```ruby
class Follow < ApplicationRecord
  belongs_to :user
  belongs_to :followable, polymorphic: true

  validates :user_id, presence: true
  validates :followable, presence: true
end
```
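As an added illustration of the pattern this change describes (example code written for this page, not the project's own), the snippet below resolves a user-supplied followable type through an explicit allowlist rather than turning the parameter into a constant, and then relies on a presence check on the polymorphic association to reject follows whose target does not exist. The `Proposal` and `Meeting` classes, the in-memory `RECORDS` store, the `FOLLOWABLE_TYPES` allowlist and the `resolve_followable`/`build_follow` helpers are all constructed for the example; the allowlist is an assumed mitigation, not something the commit itself introduces, and the plain-Ruby `Follow` class only mirrors the two `validates` lines above so the example runs without Rails.

```ruby
# Added example, not code from the project: allowlisted type resolution plus a
# presence check on the polymorphic target, in plain Ruby (no ActiveRecord).

# Constructed stand-ins for persisted models.
class Proposal
  attr_reader :id
  def initialize(id)
    @id = id
  end
end

class Meeting
  attr_reader :id
  def initialize(id)
    @id = id
  end
end

# Constructed in-memory "database": class => { id => record }.
RECORDS = {
  Proposal => { 1 => Proposal.new(1), 2 => Proposal.new(2) },
  Meeting  => { 7 => Meeting.new(7) }
}.freeze

# Allowlist mapping the strings a client may send to the classes they denote.
# Anything not listed resolves to nil, so no constant is ever derived from the
# request and a caller cannot name arbitrary classes.
FOLLOWABLE_TYPES = {
  "Proposal" => Proposal,
  "Meeting"  => Meeting
}.freeze

# Returns the referenced record, or nil when the type is not allowlisted, the
# id is not an integer, or no record with that id exists.
def resolve_followable(type_param, id_param)
  klass = FOLLOWABLE_TYPES[type_param.to_s]
  return nil unless klass

  RECORDS.fetch(klass, {})[Integer(id_param, exception: false)]
end

# Minimal counterpart of the model above: `validates :user_id, presence: true`
# and `validates :followable, presence: true`, so a follow is only valid when
# the polymorphic association actually resolved to a record.
class Follow
  attr_reader :user_id, :followable, :errors

  def initialize(user_id:, followable:)
    @user_id = user_id
    @followable = followable
    @errors = []
  end

  def valid?
    @errors = []
    @errors << "user_id can't be blank" if user_id.nil?
    @errors << "followable can't be blank" if followable.nil?
    @errors.empty?
  end
end

# Builds a Follow from request-style params; the presence validation, not a
# `find` on a user-chosen constant, decides whether the target exists.
def build_follow(user_id, params)
  Follow.new(
    user_id: user_id,
    followable: resolve_followable(params[:followable_type], params[:followable_id])
  )
end
```

With this shape, a request naming an unlisted type or a non-existent id produces an invalid `Follow` with a "followable can't be blank" error instead of an exception from `find`, which is the behaviour the presence validation in the model gives you.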