Brian Hogan wrote:
> Sure. Very much so... and that's exactly how I've been doing it.  So 
> what I understand is that it's perfectly fine to query the database 
> that many times, because it's good for security and data integrity. I 
> can live with that. Just wanted to make sure that was the best way to 
> explain it to my students. Some people will surely look at the SQL 
> logs and see four separate (albeit small) queries and wonder why 
> that's necessary, so I want to have a good answer for them.
>
> Thanks everyone! I really appreciate it.

To add, shouldn't security/authorization be implemented mostly in the 
model? In Tom's Hobo, all of the authorization mechanisms take place in the 
model. The model should know which requests (users) should be able to 
access (read/update/delete) it (or parts of it, e.g. individual fields). 
The controller only passes authorization requests to the model; it obeys 
what the models are supposed to allow or deny.

Using polymorphic paths to be more logical and nice to look at is great... 
but if security is one added advantage, is it really the appropriate 
place to put such a (only!) security measure?

-- 
Hendy Irawan
www.hendyirawan.com
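
The model-centric authorization described in the message above, sketched in plain Ruby as an added example (not part of the original thread and not Hobo's API). `User`, `Post`, `permits?`, `update_as` and `controller_update` are hypothetical names, and the rules themselves are assumptions chosen for illustration:

```ruby
# Added example: plain Ruby, no Rails or Hobo. All names are hypothetical.
User = Struct.new(:id, :role)

class Forbidden < StandardError; end

class Post
  FIELDS = %i[title body author_id published].freeze
  attr_reader(*FIELDS)

  def initialize(title:, body:, author_id:, published: false)
    @title, @body, @author_id, @published = title, body, author_id, published
  end

  # The model decides, per action and per field, what a user may do.
  def permits?(user, action, field = nil)
    return false if user.nil?                  # anonymous: deny by default
    return false unless %i[read update delete].include?(action)
    return true if user.role == :admin
    case action
    when :read   then published || owner?(user)
    when :update then owner?(user) && field != :author_id # owner cannot reassign authorship
    else false                                 # delete is admin-only
    end
  end

  # Single entry point for writes: every field is checked before any is changed.
  def update_as(user, attrs)
    attrs.each_key do |f|
      raise Forbidden, "update #{f}" unless FIELDS.include?(f) && permits?(user, :update, f)
    end
    attrs.each { |f, v| instance_variable_set("@#{f}", v) }
    self
  end

  private

  def owner?(user)
    user.id == author_id
  end
end

# The controller only relays the request and obeys the model's answer.
def controller_update(post, current_user, params)
  post.update_as(current_user, params)
  200
rescue Forbidden
  403
end
```

Because the check lives in `update_as`, any controller or route that reaches the model gets the same decision, whichever path the request arrived on.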



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Core" group.
-~----------~----~----~----~------~----~------~--~---
