On Feb 11, 12:31 pm, Robert Walker <[email protected]>
wrote:
> Gerwin wrote:
> > Say I have Users. A user can login and create e.g. Houses..and Houses
> > can contain People ..etc.
>
> > How do I prevent another logged in user from accessing another user's
> > House (e.g. http://test.com/houses/1 -> where id=1 doesn't belong to
> > this user but to another user).
>
> > Would People also need to have a user_id field so I can check if the
> > request was done by the correct user?
>
> There are various ways to accomplish this but basically you want to make
> sure houses can only be accessed through a user.
>
> HousesController
> ---------------
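> def index
>   # Look the house up through the logged-in user's association; an id
>   # owned by another user raises ActiveRecord::RecordNotFound.
>   user = User.find(current_user)
>   @houses = user.houses.find(1)
>   ...
>   ...
> end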
>
> That's the basic idea anyway.
> --
> Posted via http://www.ruby-forum.com/.

Thanks! I didn't know that something like
current_user.houses.people.find_by_id(param[:id]) would work :)
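
The scoping idea from the reply above, carried one level further to People, as an added example that is not part of the original thread. It is a plain-Ruby stand-in for ActiveRecord association scoping (the `Scope` class, the helper names and the sample records are constructed); in a Rails controller the corresponding call would be `current_user.houses.find(params[:house_id]).people.find(params[:id])`, assuming `House has_many :people`.

```ruby
# Added example: plain-Ruby stand-in for ActiveRecord association scoping.
# All class names, helpers, records and ids below are constructed.
class RecordNotFound < StandardError; end

# A tiny "scope": a filtered set of rows that can only find within itself.
class Scope
  def initialize(rows)
    @rows = rows
  end

  def find(id)
    @rows.find { |r| r[:id] == id.to_i } or raise RecordNotFound, "id=#{id}"
  end
end

HOUSES = [                       # houses carry the owner's user_id
  { id: 1, user_id: 10, name: "Alice's house" },
  { id: 2, user_id: 20, name: "Bob's house" }
].freeze
PEOPLE = [                       # people only reference their house
  { id: 100, house_id: 1, name: "Alice's tenant" },
  { id: 200, house_id: 2, name: "Bob's tenant" }
].freeze

# Unscoped lookup: any logged-in user can read any id (the problem asked about).
def unscoped_house(id)
  Scope.new(HOUSES).find(id)
end

# Scoped lookup: start from the logged-in user, like current_user.houses.find(id).
def house_for(user_id, id)
  Scope.new(HOUSES.select { |h| h[:user_id] == user_id }).find(id)
end

# People are reached through an already-authorized house, so they inherit
# the ownership check without a user_id column of their own.
def person_for(user_id, house_id, person_id)
  house = house_for(user_id, house_id)
  Scope.new(PEOPLE.select { |p| p[:house_id] == house[:id] }).find(person_id)
end

# Maps a lookup to the HTTP status a controller would return; a foreign id
# and a nonexistent id both give 404, so ids cannot be probed for existence.
def status_for
  yield
  200
rescue RecordNotFound
  404
end
```
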