Hi, I just have a "best practices" question.  I'd like to block users
that don't own a particular resource from performing edit/update/
destroy actions on it.  Here's how I currently do it:

## User has many resources, of different types

------- resource_controller.rb -------

before_filter :require_ownership, :only => [:edit, :update, :destroy]

... public actions ...

protected

def require_ownership
  @resource = Resource.find(params[:id])
  redirect_to_somewhere unless owns?(@resource)
end

------- application.rb -------

def owns?(resource)
  resource.user_id == @current_user.id
end

... And I apply this before_filter in the controller of any resource
I'd like to restrict in a similar way.  I'm new to Rails and MVC so
I'm just wondering whether this is the best way of accomplishing this,
or if a different method is recommended.

Thanks in advance!
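
An added example, not part of the original post: a plain-Ruby model of the require_ownership filter described above, run without Rails, showing the owner allowed while a non-owner, an anonymous request and an unknown id are all turned away before the action body runs. User, STORE, ResourcesController, process and PROTECTED are hypothetical names, and the nil guard in owns? is an assumption added here.

```ruby
# Plain-Ruby model of the ownership filter; runs without Rails.
# Hypothetical names: User, STORE, ResourcesController, process, PROTECTED.
User     = Struct.new(:id)
Resource = Struct.new(:id, :user_id, :title)

# Constructed sample data: resource 1 belongs to user 10, resource 2 to user 20.
STORE = {
  1 => Resource.new(1, 10, "first note"),
  2 => Resource.new(2, 20, "second note")
}

class ResourcesController
  PROTECTED = [:edit, :update, :destroy]

  def initialize(current_user)
    @current_user = current_user
  end

  # Stand-in for Rails dispatch: the filter runs first and, when it fails,
  # the action body is never reached.
  def process(action, params)
    @params = params
    return :redirected if PROTECTED.include?(action) && !require_ownership
    public_send(action)   # public_send cannot reach the protected helpers
  end

  def show;    STORE[@params[:id]] ? :shown : :not_found; end
  def edit;    :editing; end
  def update;  @resource.title = @params[:title]; :updated; end
  def destroy; STORE.delete(@resource.id); :destroyed; end

  protected

  def require_ownership
    @resource = STORE[@params[:id]]
    owns?(@resource)
  end

  def owns?(resource)
    # Assumption added here: deny when nobody is logged in or the id is
    # unknown, instead of attempting the comparison.
    return false if @current_user.nil? || resource.nil?
    resource.user_id == @current_user.id
  end
end
```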