Hi chaps. Just want to check that I'm on the right lines with protecting
resources in an app, the idea that only the resource's owner can do stuff
to it.

I figure there are only two steps I need (with authlogic), but I may be
missing stuff.

1st is a check-authorised before filter, which just checks that a valid
user is logged in. That before filter is on all the actions that need
protecting.

The 2nd step is to change the default find method in the controller from
this type of thing

    @thing = Thing.find(params[:id])

to this ...

    @thing = current_user.things.find(params[:id])

Am I on the right lines?
-- 
Posted via http://www.ruby-forum.com/.
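
The two steps described in the post, as an added example that is not part of the original message: a plain-Ruby sketch in which Scope, THINGS, ThingsController, require_user and outcome are hypothetical stand-ins for ActiveRecord, Authlogic and a Rails controller, so it runs without Rails. It shows that the logged-in check alone still returns another user's record, while the find scoped through current_user raises not-found.

```ruby
# Constructed stand-ins for ActiveRecord/Authlogic so this runs without Rails.
class RecordNotFound < StandardError; end # plays ActiveRecord::RecordNotFound
class LoginRequired < StandardError; end  # plays the redirect to the login page
# Minimal relation: find(id) only sees the rows the scope was built from.
Scope = Struct.new(:rows) do
  def find(id)
    rows.find { |r| r.id == id.to_i } or raise RecordNotFound, "id=#{id}"
  end
end

Thing = Struct.new(:id, :user_id, :name)
THINGS = [Thing.new(1, 10, "alice's"), Thing.new(2, 20, "bob's")] # constructed
def Thing.find(id) # unscoped: searches every user's rows
  Scope.new(THINGS).find(id)
end

User = Struct.new(:id) do
  def things # has_many-style scope: only rows whose user_id matches
    Scope.new(THINGS.select { |t| t.user_id == id })
  end
end

class ThingsController
  def initialize(current_user, params)
    @current_user, @params = current_user, params
  end
  def require_user # step 1: the before filter, authentication only
    raise LoginRequired unless @current_user
  end
  def show_unscoped # step 1 alone: any logged-in user reaches any id
    require_user
    Thing.find(@params[:id])
  end
  def show_scoped # step 1 + step 2: lookup limited to the owner's rows
    require_user
    @current_user.things.find(@params[:id])
  end
end

# Runs an action and reports :ok, :not_found or :login_required.
def outcome(user, id, action)
  ThingsController.new(user, { id: id }).public_send(action)
  :ok
rescue RecordNotFound
  :not_found
rescue LoginRequired
  :login_required
end
p outcome(User.new(10), "2", :show_unscoped), outcome(User.new(10), "2", :show_scoped)
```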
