I see Xavier - that makes a lot of sense, especially with that
before_filter. I'll refactor a little bit. Thanks.

On Sep 29, 2:23 am, "Xavier Noria" <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 29, 2008 at 6:45 AM, Tim K. <[EMAIL PROTECTED]> wrote:
> > So I'm using nested routes for a users model that has measurements and
> > journals... like this:
>
> > map.resources :users do |users|
> >  users.resources :journals
> >  users.resources :measurements
> > end
>
> > This of course builds routes as something like:
>
> > /user/:user_id/journals/:id
> > /user/:user_id/measurements/:id
>
> > In the case of this application the logged in user is only going to be
> > accessing his or her own resources (journals and measurements). So my
> > question is:  What is the proper way to accommodate that in routing so
> > that /user/:user_id isn't necessary and just going to /journals or /
> > journals/:id would ensure that I'm going to the currently logged
> > in user's journals or measurements? And in turn, what would be the
> > best way of making sure that users can't type /journal/:id and see
> > another user's record once that :user_id was trimmed off (they should
> > only be able to see their own).
>
> Two things:
>
> 1) A has_many does not necessarily mean a nested resource _in your
> interface_. You can simply configure
>
>    map.resources :journals
>    map.resources :measurements
>
> 2) Access control is implemented via AR finders. In this case you'd do
>
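>    def index
>      @journals = current_user.journals
>    end
>
>    # before filter: loads the journal through the current user's
>    # association, so another user's id is treated as not found
>    def find_journal
>      @journal = current_user.journals.find(params[:id])
>    rescue ActiveRecord::RecordNotFound
>      redirect_to journals_url
>    end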
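
The difference between an unscoped lookup and the scoped finder suggested above, as an added example that is not part of the original thread. It is plain Ruby so it runs without Rails: JournalScope, User, show_unscoped and show_scoped are hypothetical stand-ins for the ActiveRecord association and controller actions, and the records are constructed sample data.

```ruby
# Added illustration in plain Ruby; the classes below are minimal stand-ins
# for ActiveRecord models, not Rails code.
class RecordNotFound < StandardError; end

Journal = Struct.new(:id, :user_id, :title)

# Constructed sample data: two journals for user 10, one for user 20.
JOURNALS = [
  Journal.new(1, 10, "Tim's training log"),
  Journal.new(2, 10, "Tim's diet notes"),
  Journal.new(3, 20, "Another user's private journal")
].freeze

# Stand-in for the collection returned by current_user.journals.
class JournalScope
  def initialize(records)
    @records = records
  end

  def find(id)
    @records.find { |j| j.id == Integer(id) } or
      raise RecordNotFound, "no journal #{id} in this scope"
  end
end

User = Struct.new(:id) do
  def journals
    JournalScope.new(JOURNALS.select { |j| j.user_id == id })
  end
end

# Unscoped lookup: the equivalent of Journal.find(params[:id]) once
# :user_id is no longer in the URL. Ownership is never checked.
def show_unscoped(_current_user, params)
  JournalScope.new(JOURNALS).find(params[:id]).title
end

# Scoped lookup, as in the find_journal filter: an id owned by someone
# else looks missing, and the request is redirected instead of served.
def show_scoped(current_user, params)
  current_user.journals.find(params[:id]).title
rescue RecordNotFound
  :redirect_to_journals_url
end
```
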