Hogan, Brian P.
2006-Feb-02 18:41 UTC
[Rails] What is best way to show only records belonging to loggeduser?
When I do this, I store the user's id in session after a successful login.
My controller actions pass that id into the find method
@tasks = Task.find_all_by_user_id(session[:user_id])
The session would have to be hacked in order for that to be broken.
It's been secure enough for me.
-----Original Message-----
From: rails-bounces@lists.rubyonrails.org
[mailto:rails-bounces@lists.rubyonrails.org] On Behalf Of Bojan Mihelac
Sent: Thursday, February 02, 2006 7:46 AM
To: rails@lists.rubyonrails.org
Subject: [Rails] What is best way to show only records belonging to
loggeduser?
Hi all,
What is best way to show only records belonging to logged user? I
understand that it is better to handle this in model and not controller.
I am thinking of intercepting find methods in model and add clause
something like "WHERE id_user = #{user_id}". I would like to hear if you
would do it likewise and if yes is it better to hack find_by_sql() or
find() method?
thanks in advance,
Bojan Mihelac
--
Bojan Mihelac
Informatika Mihelac, Bojan Mihelac s.p. | www.informatikamihelac.com
-> tools, scripts, tricks from our code lab: http://source.mihelac.org
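
An added example, not part of either message: a plain-Ruby stand-in for the approach in the reply, where every lookup and create takes the owner id from the session. The `TaskStore` and `OwnedTasks` names and the sample rows are constructed for illustration; the block contrasts the scoped view with a lookup by request-supplied id alone, and refuses a missing session id instead of querying with nil.

```ruby
# Constructed in-memory stand-in for a tasks table; no Rails or database needed.
Task = Struct.new(:id, :user_id, :title)
class RecordNotFound < StandardError; end

class TaskStore
  def initialize(rows)
    @rows = rows
  end

  # Unscoped lookup: trusts whatever id the request supplied.
  def find(id)
    @rows.find { |t| t.id == id } or raise RecordNotFound, "no task #{id}"
  end

  # Returns a view that can only see and create rows owned by user_id.
  def for_user(user_id)
    OwnedTasks.new(@rows, user_id)
  end
end

class OwnedTasks
  def initialize(rows, user_id)
    # A nil id (no login) must never reach the query: it would match ownerless rows.
    raise ArgumentError, "not logged in" if user_id.nil?
    @rows = rows
    @user_id = user_id
  end

  def all
    @rows.select { |t| t.user_id == @user_id }
  end

  # Same error for "missing" and "someone else's", so ids cannot be probed.
  def find(id)
    all.find { |t| t.id == id } or raise RecordNotFound, "no task #{id}"
  end

  # Owner comes from the session; a user_id in the request params is ignored.
  def create(id, params)
    Task.new(id, @user_id, params[:title]).tap { |t| @rows << t }
  end
end

# Constructed sample data: user 1 owns tasks 10 and 11, user 2 owns task 20.
STORE = TaskStore.new([
  Task.new(10, 1, "write report"),
  Task.new(11, 1, "file expenses"),
  Task.new(20, 2, "rotate API keys"),
])
```

In a Rails application the same shape is usually reached through the association, for example `user.tasks.find(id)`, so the owner condition is part of every query built from it.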
