Menachem says:

I didn’t find any pages to update. But I did remove the views/line_items directory, as it allows the user to interact with the line_items model directly

GreenDavidDude says:

I made the following changes to depot/app/models/product.rb:

validates :image_url,    :uniqueness => true
validates :price, :numericality => {:less_than_or_equal_to =>    1000}

CarlosR says:

In addition to GreenDavidDude’s changes, I added exception handlers to the LineItemsController and ProductsController

...in depot/app/controllers/line_items_controller.rb

def show
  @line_item = LineItem.find(params[:id])
  respond_to do |format|
    format.html # show.html.erb
    format.json { render :json => @line_item }
  end
  rescue ActiveRecord::RecordNotFound
      logger.error "Attempt to access invalid line_item #{ params[ :id ]}" 
      redirect_to store_url, :notice => 'Invalid line item'
end

...in depot/app/controllers/products_controller.rb

def show
  @product = Product.find(params[:id])
  respond_to do |format|
    format.html # show.html.erb
    format.json { render :json => @product }
  end
  rescue ActiveRecord::RecordNotFound
      logger.error "Attempt to access product #{ params[ :id ]}" 
      redirect_to products_url, :notice => 'Invalid product'
end