Great! Thank you for the advice. I had thought of doing the before_filter, but was not sure if that was the best way to go. Also, I like the "current_user.projects.find" idea.
Thanks again!

Nathan

On Sep 24, 4:41 pm, CPerry <[EMAIL PROTECTED]> wrote:
> Actually, never mind. Frederick posted exactly what I was coming back
> to post!
>
> --Cory
>
> On Sep 24, 4:39 pm, CPerry <[EMAIL PROTECTED]> wrote:
>
> > I would think a simple before_filter would work for you that would
> > require a login before those projects could be viewed. Once they
> > log in, they would only be able to see the projects that they are
> > assigned to.
>
> > Your before_filter would be placed up top in the controller for
> > projects.
>
> > Something like this....
>
> > before_filter :login_required, :only =>
> > [:new, :create, :edit, :update]
>
> > Then you could add all of the other actions that required a login as
> > well such as :show, :add, :edit, :delete, etc., etc. I am certainly no
> > Rails genius yet, but I think this would work for you.
>
> > --Cory
>
> > On Sep 24, 3:57 pm, Nathan <[EMAIL PROTECTED]> wrote:
>
> > > Hi Everyone. I am working on my first Ruby on Rails app. It is a
> > > basic project management application. I have user login/logout
> > > functionality set up. It will only display a list of projects that
> > > are linked to the logged in user. However, if someone else logs in
> > > and types in a url such as www.projectmanagement.com/projects/17
> > > (where 17 is a project id), they will be able to see that project even
> > > if they are not linked to it. What is the best design approach to
> > > this problem?
>
> > > Thank you for any advice!!!
>
> > > Nathan
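
An added example, not code from the thread or from Rails: a plain-Ruby stand-in for the two lookups discussed above, showing that a login check alone still serves project 17 to any logged-in user, while a lookup scoped the way "current_user.projects.find" is does not. The classes, the sample projects and the show_* helpers are hypothetical.

```ruby
# Plain-Ruby stand-in for the Rails pieces named in the thread (constructed,
# not Rails itself). RecordNotFound mirrors ActiveRecord::RecordNotFound.
class RecordNotFound < StandardError; end

Project = Struct.new(:id, :name, :member_ids)

# Constructed sample data: project 17 is linked to user 1 only.
PROJECTS = [
  Project.new(17, "Payroll migration", [1]),
  Project.new(18, "Website redesign", [1, 2]),
].freeze

# Mimics the collection behind current_user.projects: every lookup is
# restricted to the rows linked to this user.
class ScopedProjects
  def initialize(user_id)
    @rows = PROJECTS.select { |p| p.member_ids.include?(user_id) }
  end

  def find(id)
    @rows.find { |p| p.id == id.to_i } ||
      raise(RecordNotFound, "Couldn't find Project with id=#{id}")
  end
end

User = Struct.new(:id, :name) do
  def projects
    ScopedProjects.new(id)
  end
end

# Hypothetical "show" actions; each returns [status, body]. The first line of
# both plays the role of before_filter :login_required (authentication only).
def show_unscoped(current_user, params)
  return [401, "login required"] unless current_user
  project = PROJECTS.find { |p| p.id == params[:id].to_i } # like Project.find
  project ? [200, project.name] : [404, "not found"]
end

def show_scoped(current_user, params)
  return [401, "login required"] unless current_user
  [200, current_user.projects.find(params[:id]).name]
rescue RecordNotFound
  [404, "not found"] # same answer for "does not exist" and "not yours"
end
```

Returning the same 404 for a missing project and for someone else's project keeps the response from confirming which ids exist.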