Google model scoping. Basically you get:
For 'dogs' list your list action

You have a before filter to authorize and set the logged in user then:

logged_in_user.dogs

The show action has:

logged_in_user.dogs.find(params[:id])

That way people can't look up the wrong records

Sent from my iPhone

On 30/01/2009, at 1:52 PM, Michael <[email protected]> wrote:

>
> Hi,
> I am looking for a simple way to implement a form of "data ownership"
> in a Rails application. Basically, I'd like for users / accounts to
> only be able to view or operate on model data that they have created
> themselves and to not have any sort of awareness of the data created
> by other users / accounts.
>
> My initial thought is that I will need something like account_id on
> all of the models and each request will check that the searched for
> model id is owned by the currently authenticated account. Has anyone
> done anything like this and is there a simpler way?
>
> Thanks
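
The scoping pattern from the reply above, as an added example that is not part of the original thread. It is a plain-Ruby model with no Rails; `OwnedDogs`, `User`, `show_unscoped`, `show_scoped`, `list_scoped` and the sample data are constructed for illustration, and it contrasts a lookup by bare id with the `logged_in_user.dogs.find(params[:id])` form.

```ruby
# Added illustration in plain Ruby (no Rails); all names here are hypothetical.
class RecordNotFound < StandardError; end

Dog = Struct.new(:id, :owner_id, :name)

# Constructed sample data: two accounts (10 and 20), three records.
DOGS = [
  Dog.new(1, 10, "Rex"),
  Dog.new(2, 10, "Fido"),
  Dog.new(3, 20, "Bella")
].freeze

# Stands in for the association the reply calls logged_in_user.dogs:
# records are filtered by owner before the requested id is matched.
class OwnedDogs
  def initialize(owner_id)
    @owner_id = owner_id
  end

  def all
    DOGS.select { |d| d.owner_id == @owner_id }
  end

  def find(id)
    all.find { |d| d.id == Integer(id) } or raise RecordNotFound, "no dog #{id} for this user"
  end
end

User = Struct.new(:id) do
  def dogs
    OwnedDogs.new(id)
  end
end

# Unscoped lookup: trusts the id from the request, so any existing id resolves.
def show_unscoped(_logged_in_user, params)
  DOGS.find { |d| d.id == Integer(params[:id]) } or raise RecordNotFound
end

# Scoped lookup, as in the reply: the id only resolves within the user's own records.
def show_scoped(logged_in_user, params)
  logged_in_user.dogs.find(params[:id])
end

# Scoped list action: only the logged-in user's records are ever enumerated.
def list_scoped(logged_in_user)
  logged_in_user.dogs.all.map(&:name)
end
```

With the scoped form, a request for another account's id fails the same way as a request for an id that does not exist, so the response does not reveal that the record exists.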

