Thanks Dave, been spending days cleaning up my code based on your suggestions and pretty proud of it now.
I've a dilemma now with CanCan vs Nested Resources in Routes.rb:

*In Routes.rb:*

    resources :users do
      resources :orders do
        collection do
          get :payment_received
        end
      end
    end

*In orders_controller.rb:*

    def payment_received
      @user = User.find(params[:user_id])
      @orders = Order.where(seller_id: @user.id).order("id ASC")
      render 'payment_received'
    end

*In ability.rb:*

    can :payment_made, Order, :user_id => user.id

*The problem*

With the following route:

    payment_received_user_orders GET /users/:user_id/orders/payment_received(.:format) orders#payment_received

Through CanCan, I can't seem to enforce the ":user_id => user.id" whereby the *current_user* can only see his own payment_received (based on his own user_id) and not someone else's payment_received.

On Wednesday, March 5, 2014 1:10:24 AM UTC+8, Dave Aronson wrote:
>
> On Mon, Mar 3, 2014 at 4:01 PM, Brandon <wong...@gmail.com> wrote:
>
> > This is what my User/Create looks like after rethinking my controller. Does
> > it need more work to make it slimmer?
>
> I've seen (and even made) much worse, but this can be slimmed down
> fairly easily. The sign_in and that big if-statement, have nothing to
> do with what screen to show next, data to show there other than what's
> already in some already-used model, or other such things that properly
> belong in the controller. So, they can be extracted and put into the
> User model, though you may need to pass in the current_order_id and
> current_follow_id. You'd wind up with something like:
>
>   def create
>     user.updating_password = true
>     if user.save
>       user.process_initial_session(current_order_id, current_follow_id)
>       redirect_back_or root_url, flash => { :success => 'Welcome!' }
>     else
>       render 'new'
>     end
>   end
>
> where user.process_initial_session (or whatever you choose to call it;
> could be welcome, set_up_stuff, link_to_order_or_followers, whatever,
> depending what else you may want to put in it) encapsulates all that
> extracted stuff.
>
> -Dave
>
> --
> Dave Aronson, the T. Rex of Codosaurus LLC (www.codosaur.us);
> FREELANCE SOFTWARE DEVELOPER, AVAILABLE AS OF MARCH 1st 2014;
> creator of Pull Request Roulette, at PullRequestRoulette.com.
>

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/c6945e58-880c-4722-a5f0-7599747a9c43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
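
An added example, not part of the original thread and not CanCan's own code: a plain-Ruby stand-in for a hash-condition rule, applied to the payment_received listing from the question above. `MiniAbility`, `ability_for`, `visible_orders` and the sample orders are hypothetical. It assumes the listing should be limited by `seller_id`, and it shows that a rule only restricts anything when its action name matches the route's action and each record is checked against the signed-in user rather than against `params[:user_id]`.

```ruby
# Added example: plain-Ruby stand-in for a hash-condition ability rule.
# MiniAbility, ability_for and visible_orders are hypothetical, not CanCan's API.
Order = Struct.new(:id, :user_id, :seller_id)
User  = Struct.new(:id)

class MiniAbility
  def initialize
    @rules = []
  end

  # Register a rule: action, subject class, attribute conditions.
  def can(action, klass, conditions = {})
    @rules << [action, klass, conditions]
  end

  # A rule applies only when action, class and every condition match the record.
  def can?(action, record)
    @rules.any? do |act, klass, conds|
      act == action && record.is_a?(klass) &&
        conds.all? { |attr, value| record[attr] == value }
    end
  end
end

# Constructed sample data: order 10 was sold by user 1, order 11 by user 2.
ORDERS = [Order.new(10, 2, 1), Order.new(11, 1, 2)].freeze

# Abilities for the signed-in user. The action name matches the route's action
# and the condition names the column the listing filters on (seller_id).
def ability_for(current_user)
  ability = MiniAbility.new
  ability.can(:payment_received, Order, seller_id: current_user.id)
  ability
end

# The :user_id taken from the URL plays no part in authorization: every record
# is checked against the signed-in user's ability. Returns ids, ascending.
def visible_orders(current_user, _requested_user_id)
  ability = ability_for(current_user)
  ORDERS.select { |o| ability.can?(:payment_received, o) }.map(&:id).sort
end

# The rule as written in the post (:payment_made, :user_id), for comparison.
def post_rule_matches?(current_user, order)
  ability = MiniAbility.new
  ability.can(:payment_made, Order, user_id: current_user.id)
  ability.can?(:payment_received, order)
end
```
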