oh that's a good solution friend = current_user.friends.find(params [:id]) i never though of that. search within the users friends for the requested it... thanks
On Jan 14, 7:12 am, Rick DeNatale <[email protected]> wrote: > On Wed, Jan 13, 2010 at 8:02 AM, Eduard Martini > > > > > > <[email protected]> wrote: > > Don't take the user id from the url. > > > For example, don't do this: > > > url: > > /show_friends/5 > > code: > > Users.find(5).friends > > > But do this: > > > url: > > /show_friends > > code: > > current_user.friends > > > where current_user is the currently auth user. You know who is logged > > in, don't need to pass his id around. > > And for the use case which the OP raised, which is the show action, it > should be: > > def show > friend = current_user.friends.find(params[:id]) > end > > which scopes the find to the user's friends. Similar comment for > other actions like edit and update > > -- > Rick DeNatale > > Blog:http://talklikeaduck.denhaven2.com/ > Twitter:http://twitter.com/RickDeNatale > WWR:http://www.workingwithrails.com/person/9021-rick-denatale > LinkedIn:http://www.linkedin.com/in/rickdenatale
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
