ed51c5dcd3
Note using `params[:relatable_type].classify` is recognized as a security risk by some tools. However, it's a false positive, since we've added constraints to the URL so that paramenter can only have the values we trust.
12 lines
283 B
Ruby
12 lines
283 B
Ruby
class SDGManagement::RelationsController < SDGManagement::BaseController
|
|
def index
|
|
@records = relatable_class.accessible_by(current_ability).order(:id).page(params[:page])
|
|
end
|
|
|
|
private
|
|
|
|
def relatable_class
|
|
params[:relatable_type].classify.constantize
|
|
end
|
|
end
|