We''re trying to secure our application and someone yesterday suggested
a good idea.
Say we have blogs that belog to users our models would be something
like
class User < ActiveRecord::Base
has_many :blogs
......
end
class Blog <ActiveRecord::Base
belongs_to :user
...
end
we already have an authentication system inplace and on top of that we
have been doing something like
@blog = Blog.find(:first, :conditions => ["user_id = ?",
session[:user_id]]);
but someone suggested using something like
before_filter {|cntrlr| cntrlr.user = User.find(session[:user_id]) }
in the controller so that we could make a call like
@blog = @user.blogs.find(:first)
(Actually they suggested that we place it in the application.rb but
not all of our objects have users.)
However, if we place it in the blog controller, like:
class NotebooksController < ApplicationController
before_filter { |ctrl| crtl.user = User.find(session[:user_id]) }
....
end
we get the folowing error:
undefined method `owner='' for NotebooksController:Class
I''m still a little new to this so I don''t really understand
what''s
going on here or how to make it work (assuming that I can and the
person who suggested this isn''t leading me up the path). I understand
that there isn''t an ''owner='' function defined for the
controller, but
shouldn''t ther be one for the model, or am I completely lost?
Dale
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---