I would think a simple before_filter would work for you that would require a login before those projects could be viewed. Once they login, they would only be able to see the projects that they are assigned to.
Your before_filter would be placed up top in the controller for projects. Something like this.... before_filter :login_required, :only => [:new, :create, :edit, :update] Then you could add all of the other actions that required a login as well such as :show, :add, :edit, :delete, etc., etc. I am certainly no Rails genius yet, but I think this would work for you. --Cory On Sep 24, 3:57 pm, Nathan <[EMAIL PROTECTED]> wrote: > Hi Everyone. I am working on my first Ruby on Rails app. It is a > basic project management application. I have user login/logout > functionality set up. It will only display a list of projects that > are linked to the logged in user. However, if someone else logs in > and types in a url such aswww.projectmanagement.com/projects/17 > (where 17 is a project id), they will be able to see that project even > if they are not linked to it. What is the best design approach to > this problem? > > Thank you for any advice!!! > > Nathan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---