Google model scoping.
Basically you get:
For 'dogs' list your list action
You have a before filter to authorize and set the logged in user then:
logged_in_user.dogs
The show action has:
logged_in_user.dogs.find(params[:id])
That way people can't look up the wrong records
Sent from my iPhone
On 30/01/2009, at 1:52 PM, Michael
<Michael.Edgar-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Hi,
> I am looking for a simple way to implement a form of "data ownership"
> in a Rails application. Basically, I'd like for users / accounts to
> only be able to view or operate on model data that they have created
> themselves and to not have any sort of awareness of the data created
> by other users / accounts.
>
> My initial thought is that I will need something like account_id on
> all of the models and each request will check that the searched for
> model id is owned by the currently authenticated account. Has anyone
> done anything like this and is there a simpler way?
>
> Thanks
> >
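
The scoping pattern from the reply above, as an added example that is not part of the original thread. It is plain Ruby standing in for ActiveRecord so it runs without Rails; `Scope`, `show_unscoped`, `show_scoped`, `status_for` and the sample data are constructed for illustration.

```ruby
# Plain-Ruby stand-in for ActiveRecord so the example runs without Rails.
# All class and method names below are constructed for illustration.
class RecordNotFound < StandardError; end

Dog = Struct.new(:id, :user_id, :name)

# Minimal collection whose find raises on a miss, like an association's find.
class Scope
  def initialize(rows)
    @rows = rows
  end

  def find(id)
    @rows.find { |r| r.id == id.to_i } or raise RecordNotFound, "Dog id=#{id}"
  end

  def to_a
    @rows.dup
  end
end

# Constructed sample data: two accounts, three dogs.
DOGS = [Dog.new(1, 10, "Rex"), Dog.new(2, 10, "Fido"), Dog.new(3, 20, "Bella")].freeze

User = Struct.new(:id) do
  # Same idea as `has_many :dogs`: only rows owned by this user.
  def dogs
    Scope.new(DOGS.select { |d| d.user_id == id })
  end
end

# Unscoped lookup: any logged-in user can read any id (the problem case).
def show_unscoped(_logged_in_user, params)
  Scope.new(DOGS).find(params[:id])
end

# Scoped lookup from the reply: the search starts from the owner's records.
def show_scoped(logged_in_user, params)
  logged_in_user.dogs.find(params[:id])
end

# Returns :ok or :not_found, the way a controller would map to 200 / 404.
def status_for(user, params)
  show_scoped(user, params)
  :ok
rescue RecordNotFound
  :not_found
end
```

Answering with "not found" rather than "forbidden" for another account's id also matches the original request that users have no awareness of other accounts' data.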