Actually, nevermind. Frederick posted exactly what I was coming back to post!
--Cory On Sep 24, 4:39 pm, CPerry <[EMAIL PROTECTED]> wrote: > I would think a simple before_filter would work for you that would > require a login before those projects could be viewed. Once they > login, they would only be able to see the projects that they are > assigned to. > > Your before_filter would be placed up top in the controller for > projects. > > Something like this.... > > before_filter :login_required, :only => > [:new, :create, :edit, :update] > > Then you could add all of the other actions that required a login as > well such as :show, :add, :edit, :delete, etc., etc. I am certainly no > Rails genius yet, but I think this would work for you. > > --Cory > > On Sep 24, 3:57 pm, Nathan <[EMAIL PROTECTED]> wrote: > > > Hi Everyone. I am working on my first Ruby on Rails app. It is a > > basic project management application. I have user login/logout > > functionality set up. It will only display a list of projects that > > are linked to the logged in user. However, if someone else logs in > > and types in a url such aswww.projectmanagement.com/projects/17 > > (where 17 is a project id), they will be able to see that project even > > if they are not linked to it. What is the best design approach to > > this problem? > > > Thank you for any advice!!! > > > Nathan --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---