Check out acl9 for access control http://github.com/be9/acl9
With acl9 you control what users have access to which specific methods and assign users roles on specific objects. You could set it up in the create method of stuffs_controller so the current_user is the "owner" of that stuff and only allow owners to edit that specific object, then admin has access to all. In that approach it's all handled in the models and controllers so routes are set up however you want. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.