Dear rails user I''ve just spent serveral hours getting to know the authentication plugins like "act as authenticated", "model based security" etc. Now I''m wondering why none of the existing plugins use a model based finder approach? My idea: Overwrite the finder of each model to deliver only the allowed records. As I always use MyModel.find(all) or MyModel.find(4) etc. the model MyModel would always be secured, no matter what I''d like to do... lets say destroy or edit. But because none of the other plugins use this idea, I''m quite suspicious that I overlook a huge drawback. Can anybody of you tell me what I miss? Thanks! Best regards Markus --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---