Tony Perrie wrote:

> Better yet, is there another idiom that's even more
> ironclad than the caboo.se ScopedAccess one?


Maybe I'm misunderstanding the context, but why not just secure your 
model through the has-many association? It's the most basic security 
idiom and is built-in.

class User < ActiveRecord::Base
  has_many :posts
end

class ApplicationController < ActionController::Base
  def ...
    current_user.posts.find ...
    current_user.posts.create ...
  end
end


BTW, a pattern I've seen if you really need to have the model access the 
current user is to use a class attribute accessor in a before filter.

class User < ActiveRecord::Base
  cattr_accessor :current_user
  ...
end

class ApplicationController
  before_filter :set_current_user

  protected

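  def set_current_user
    # Assign on every request (nil when logged out) so a value left by an
    # earlier request in this process is never reused.
    User.current_user = logged_in? ? current_user : nil
  end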
end

-- 
Posted via http://www.ruby-forum.com/.
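
Added example, not part of the original post: a class-level current user is one slot shared by every request a worker process serves, so a before filter that assigns it only when someone is logged in leaves the previous user in place for the next anonymous request. The plain-Ruby stand-ins below (`Request`, `serve`, and the two filter methods are hypothetical names, and `attr_accessor` on the singleton class stands in for `cattr_accessor`) run the same constructed traffic through both forms of the filter.

```ruby
# Plain-Ruby stand-in for the pattern; no Rails required.
class User
  class << self
    attr_accessor :current_user # stand-in for cattr_accessor: one slot per process
  end
end

# Hypothetical request object: session_user is nil for an anonymous visitor.
Request = Struct.new(:session_user)

# Filter that assigns only when someone is logged in.
def conditional_filter(req)
  User.current_user = req.session_user if req.session_user
end

# Filter that assigns on every request, clearing the slot for anonymous ones.
def unconditional_filter(req)
  User.current_user = req.session_user
end

# Run requests one after another in the same process, as a single app server
# worker would, and record who the model layer believes is acting each time.
def serve(requests, filter)
  User.current_user = nil
  requests.map do |req|
    send(filter, req)
    User.current_user
  end
end

# Constructed sample traffic: alice, then an anonymous visitor, then bob.
TRAFFIC = [Request.new("alice"), Request.new(nil), Request.new("bob")].freeze

def stale_result
  serve(TRAFFIC, :conditional_filter)
end

def safe_result
  serve(TRAFFIC, :unconditional_filter)
end

p stale_result # ["alice", "alice", "bob"]  anonymous request acts as alice
p safe_result  # ["alice", nil, "bob"]      anonymous request sees no user
```

The slot is also shared between threads in a multi-threaded server, so unconditional assignment alone only covers one request at a time per process.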
