I've never done this but I'll give my 2 cents anyway: 1) With nested routes, you are always still looking for the user - you fetch it in the Journals controller and that's where you can evaluate it. What you can do is fetch the current_user unless the current_user is an admin or whatever 2) About the routes I'd like to know that... if you always fetch the current_user it would be possible since you don't pass the user_id in the URL anymore, but admins and such wouldn't be able to see another's journal.
Ramon Tayag On Mon, Sep 29, 2008 at 12:45 PM, Tim K. <[EMAIL PROTECTED]> wrote: > > So I'm using nested routes for a users model that has measurements and > journals... like this: > > map.resources :users do |users| > users.resources :journals > users.resources :measurements > end > > This of course builds routes as something like: > > /user/:user_id/journals/:id > /user/:user_id/measurements/:id > > In the case of this application the logged in user is only going to be > accessing his or her own resources (journals and measurements). So my > question is: What is the proper way to accommodate that in routing so > that /user/:user_id isn't necessary and just going to /journals or / > journals/:id would ensure that I'm going to the the currently logged > in user's journals or measurements? And in turn, what would be the > best way of making sure that users can't type /journal/:id and see > another users record once that :user_id was trimmed off (they should > only be able to see their own). > > Thoughts? I greatly appreciate it. > > Thanks. > Tim K. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
