When implementing a delete form, if you use POST, rails, etc. with html, I think that it will be implemented with the DELETE method, but
For example, when deleting a user and implementing "action ="/delete /: user_id "", if the user_id part is rewritten with a developer tool, the rewritten user will be deleted, right?
How can I avoid this?
Addition:
For example, if you have a list of users and click the "Delete" button, a js confirmation dialog will appear. If i click OK, I want to execute the deletion process.
| User name | Edit | Delete |
|---|---|---|
| A-san | Edit | Delete |
| B-san | Edit | Delete |
| C-san | Edit | Delete |
-
Answer # 1
-
Answer # 2
If you rewrite it, the rewritten user will be deleted?
This is possible if you simply delete the specified ID.
How can I avoid this?
Check with registered email and enter password. Isn't it possible to delete only the account related to login?
It's a little unclear, but I can't give an accurate answer.
Addition:
For example, if you have a list of users and click the "Delete" button, a js confirmation dialog will appear, and if you press OK, you want to execute the deletion process.You should stop it.
If it is absolutely necessary, pressing the delete button will bring up the password input screen and if it matches, it will be a procedure called "delete".
Related articles
- html - i'm not convinced about the rails delete request
- html - about position: absolute;
- about the phenomenon that the [id] set in rails collection_select changes on the html side
- html - bootstrap card about the height of the bootstrap card
- i have a question about html css
- html - about width specification to check with developer tools
- html - about duplication of click () event in jquery
- html - about adjustment problem of icon image + balloon
- html - about changing the font color of css
- about access actions or vba
- about html and css layout and layout
- html - [ruby on rails] about the problem that line breaks are not reflected in the text data acquired by innertext of mechanize
- about scroll display when overflowing html elements
- html - please tell me about the layout of the navigation bar of bootstrap4
- html - about the part where mix-blend-mode is not reflected
- [html] about specifying height in responsive design
- html - about the work of multiple people
- html - about chrome verification tool
- about html bem
- html - about parent-child element relationship
- html - i want to set the conditions to be displayed in collection_check_boxes
- javascript - i am using chart kick, but the display of "loading" remains and the graph is not displayed
- javascript - how to associate columns of existing table with each other
- html - i would like to know how to calculate the average of the data
- ruby - passing variables using render partial
- ruby - about the delete function in rails
- [ruby] how to write a ternary operator
- ruby - i want to pass an instance variable and display a post, but i get a nomethoderror
- javascript - i used the queryselectorall method in ajax and fired an event by clicking a record in the data list i don't want to
- ruby - how to delete cookies
Yes.
If you have the right to delete, regulating it doesn't make much sense, as it iswhat you can do. If you don't want a specific person to delete a specific issue, you need to build such logic on theserver side.