Aidan Finn
2005-Nov-24 17:45 UTC
owner based authorization / passing arguments to filters.
Hi all, I''m new to rails so this may be obvious, but... I want to implement a simple owner-based authentication system. Every item (there are different types of item) in the system has a field owner_id which is a foreign key to the user table. A user has permission to edit an item if they own the item. So to check if a user owns an item I can do something like: def owner?(item) item.user_id == session[:user_id] end Is there an easy way to enforce this across the whole system? Can I implement this as a filter? Can I pass an argument to a filter i.e. the item that is being checked, or will I need to put it in the session? All help is greatly appreciated. thanks, AF _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
Peter Ertl
2005-Nov-24 17:49 UTC
error_messages_for with NO activerecord objects possible?
Hi folks, Do you know if I can use <%= error_messages_for ... %> without having a specific activerecord object? just dump some custom messages which belong to no specific model object... regards Peter