Hi I have this code def destroy @property = Property.find(params[:id]) IsAuthorized?(@property.user_id) @property.destroy
respond_to do |format| format.html { redirect_to(properties_url) } format.xml { head :ok } end end def IsAuthorized?(id) if current_user.id!= id flash[:notice] = 'Not authorized ' redirect_to(properties_url) end end If a not authorized user calls destroy it stills calls @property.destroy. How can I prevent the destory function from calling @property.destroy if the user is not authorized? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.