On Sep 24, 8:57 pm, Nathan <[EMAIL PROTECTED]> wrote:
> Hi Everyone.  I am working on my first Ruby on Rails app.  It is a
> basic project management application.  I have user login/logout
> functionality set up.  It will only display a list of projects that
> are linked to the logged in user.  However, if someone else logs in
> and types in a url such as www.projectmanagement.com/projects/17
> (where 17 is a project id), they will be able to see that project even
> if they are not linked to it.  What is the best design approach to
> this problem?
>
Instead of doing Project.find, do current_user.projects.find.
This restricts the find to projects owned by that user.

Fred
> Thank you for any advice!!!
>
> Nathan
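
The difference between the two lookups discussed in this thread, as an added example that is not part of the original messages. It runs without Rails: RecordNotFound, Project, ProjectScope, User and the show helper are constructed stand-ins for ActiveRecord and a controller action, and the sample users and projects are made up.

```ruby
# Constructed in-memory stand-ins for ActiveRecord, so this runs without Rails.
class RecordNotFound < StandardError; end
class Project
  @all = []
  class << self
    attr_reader :all
    # Unscoped lookup: returns any existing project, whoever is asking.
    def find(id)
      all.find { |p| p.id == id } || raise(RecordNotFound, "Project #{id}")
    end
  end

  attr_reader :id, :name, :member_ids
  def initialize(id, name, member_ids)
    @id, @name, @member_ids = id, name, member_ids
    self.class.all << self
  end
end

# Stand-in for the current_user.projects association: the ownership check
# is part of the lookup itself, so it cannot be forgotten in an action.
class ProjectScope
  def initialize(user_id)
    @user_id = user_id
  end
  def find(id)
    Project.all.find { |p| p.id == id && p.member_ids.include?(@user_id) } ||
      raise(RecordNotFound, "Project #{id}")
  end
end

User = Struct.new(:id) do
  def projects
    ProjectScope.new(id)
  end
end

# Hypothetical "show" action returning [status, body]. Rails maps
# RecordNotFound to a 404, so "not yours" and "no such id" look identical.
def show(params, finder)
  [200, finder.find(params[:id]).name]
rescue RecordNotFound
  [404, "Not Found"]
end

ALICE = User.new(1)
BOB = User.new(2)
Project.new(17, "Alice's roadmap", [1])
Project.new(18, "Shared plan", [1, 2])
```

Calling `show({ id: 17 }, Project)` serves project 17 to any logged-in user, while `show({ id: 17 }, BOB.projects)` gives the same 404 as an id that does not exist.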