> I was thinking more along the lines of
>
> @baby_names = BabyName.find(:all, :conditions => { :user_id => current_user.id })
>
> to get all of them, or
>
> @baby_name = BabyName.find(params[:id], :conditions => { :user_id => current_user.id }) if params[:id]
>
> if you want to get just one.

That's helpful, thanks - I get that; the thing is though I'm trying to
understand *where* to do these finds and how to make them so they don't
error if no params are supplied or the wrong params are supplied. In
plain terms, with this app, at least initially, I'd like to secure the
thing so only users have access to *their own* baby_names both
individually and as a list. I see how your code does that.

Would I be best doing this/these finds in a before_filter that calls a
method, say find_baby_names, where in that method I check for supplied
params then find, or perhaps in two separate before_filters, one for the
index action that gets all the @baby_names and one for the times when
there's only one name (e.g. an edit)? Or maybe I've got the wrong end of
the stick and I should do these finds in the different controller
actions, e.g. in index do the @baby_names = BabyName.find(:all,
:conditions => { :user_id => current_user.id }).

I'm guessing that a single before_filter is the DRY way to do it and
inherently more secure as I'll have all the logic in one place and it'll
get called every time for every action.

The other questions I have are how to deal with the sort actions and
whether I need the protected and private keywords at all.

Very grateful for any insight.
--
Posted via http://www.ruby-forum.com/.
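
The owner-scoped lookup discussed in this message, as an added example that is not part of the original thread and is not Rails code: a plain-Ruby model of one loading step that serves both the list and the single-record actions and answers 404 for a missing id, a malformed id, or an id owned by another user. `OwnedBabyNames`, `NotFound`, `ROWS`, `request` and the sample rows are hypothetical stand-ins constructed for illustration.

```ruby
# Plain-Ruby stand-ins for the Rails model and controller (hypothetical names).
BabyName = Struct.new(:id, :user_id, :name)
NotFound = Class.new(StandardError)

# Constructed sample rows: users 10 and 20 each own some names.
ROWS = [
  BabyName.new(1, 10, "Ada"),
  BabyName.new(2, 10, "Grace"),
  BabyName.new(3, 20, "Linus")
].freeze

# The only way to reach a row is through its owner's scope.
class OwnedBabyNames
  def initialize(user_id)
    @user_id = user_id
  end

  def all
    ROWS.select { |row| row.user_id == @user_id }
  end

  # A missing id, a malformed id and another user's id all raise the same
  # error, so the caller cannot tell "not yours" from "does not exist".
  def find(raw_id)
    raise NotFound unless raw_id.to_s.match?(/\A\d+\z/)
    all.find { |row| row.id == raw_id.to_i } || raise(NotFound)
  end
end

class BabyNamesController
  COLLECTION_ACTIONS = [:index].freeze

  def initialize(current_user_id, params)
    @scope = OwnedBabyNames.new(current_user_id)
    @params = params
  end

  # Plays the role of the single before_filter plus a rescue handler:
  # load the records for the action, or answer 404. Returns [status, names].
  def process(action)
    rows = COLLECTION_ACTIONS.include?(action) ? @scope.all : [@scope.find(@params[:id])]
    [200, rows.map(&:name)]
  rescue NotFound
    [404, []]
  end
end

def request(user_id, action, params = {})
  BabyNamesController.new(user_id, params).process(action)
end
```

In a Rails app the scope would be the model query itself, for example the `:conditions => { :user_id => current_user.id }` finder quoted above, with the not-found error rescued in one place.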