Heinz Strunk wrote: > I'm doing it just like you described above. However I would like to hear > some more opinions on that as well.
That's really good to know - a slight twist on it could be that I have seen people DRY it up and include more sophistication on the find by using a before filter for that too, then I could perhaps find only the users things but if the user is an admin, allow the admin to find anything (or edit or destroy anything). Trying to make sure I don't miss anything before implementing. The thing is the initial check will only check that there's a logged in user though, not a particular user. Then the find part is important as it would always limit the "things" that can be found to the things that the current_user owns. These are the typical two steps? Correct? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-t...@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.