On Wed, Jan 13, 2010 at 8:02 AM, Eduard Martini
<[email protected]> wrote:
> Don't take the user id from the url.
>
> For example, don't do this:
>
> url:
> /show_friends/5
> code:
> Users.find(5).friends
>
> But do this:
>
> url:
> /show_friends
> code:
> current_user.friends
>
> where current_user is the currently auth user. You know who is logged
> in, don't need to pass his id around.
And for the use case which the OP raised, which is the show action, it
should be:

    def show
      friend = current_user.friends.find(params[:id])
    end

which scopes the find to the user's friends. Similar comment for
other actions like edit and update.
--
Rick DeNatale
Blog: http://talklikeaduck.denhaven2.com/
Twitter: http://twitter.com/RickDeNatale
WWR: http://www.workingwithrails.com/person/9021-rick-denatale
LinkedIn: http://www.linkedin.com/in/rickdenatale
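
The scoped find described in the message above, shown next to an unscoped one, as an added example that is not part of the original thread. Scope, RecordNotFound, show_unscoped, show_scoped and the sample users are hypothetical stand-ins for ActiveRecord and a controller, so the block runs without Rails.

```ruby
# Stand-in for ActiveRecord (assumption): just enough to compare lookups.
class RecordNotFound < StandardError; end

# Mimics an association: find(id) only sees records inside the scope.
class Scope
  def initialize(records)
    @records = records
  end

  def find(id)
    @records.find { |r| r.id == Integer(id) } or
      raise RecordNotFound, "no record with id=#{id} in this scope"
  end
end

User = Struct.new(:id, :name, :friend_ids) do
  def friends
    Scope.new(USERS.select { |u| friend_ids.include?(u.id) })
  end
end

# Constructed sample data: alice is friends with bob only.
USERS = [
  User.new(1, "alice", [2]),
  User.new(2, "bob",   [1, 3]),
  User.new(3, "carol", [2])
].freeze

# Unscoped lookup: the id from the URL selects from all users,
# so the caller's identity never limits what is returned.
def show_unscoped(_current_user, params)
  [200, Scope.new(USERS).find(params[:id]).name]
rescue RecordNotFound, ArgumentError
  [404, nil]
end

# Scoped lookup from the reply: an id outside current_user.friends
# behaves exactly like an id that does not exist.
def show_scoped(current_user, params)
  [200, current_user.friends.find(params[:id]).name]
rescue RecordNotFound, ArgumentError # ArgumentError: non-numeric id
  [404, nil]
end
```

Answering with the same "not found" for a record outside the scope and for a missing record also keeps the response from revealing which ids exist.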