So I have an account manager for users on my site and it has their profile, which just displays their information, and a place where they can edit their info. The problem I am having is that right now a person can edit anyone's profile, so I obviously want to make it so they can only edit their own profile. In my controller I added an if statement that would check to see if the user was editing their profile, which went like this:

    def edit
      id = params[:id]
      if session[:user_id] == id
        begin
          @user = User.find_by_id(id)
        rescue
          flash[:notice] = "No user by that user id can be found"
          redirect_to(:controller => 'home', :action => 'index')
        end
      else
        flash[:notice] = "You are not authorized to edit this user"
        redirect_to(:controller => 'account', :action => 'profile', :id => id)
      end
    end

But that always gives me the message that I have set as my flash and takes me to the profile that was trying to be edited (even if the profile was my own). Any suggestions?

--
Posted via http://www.ruby-forum.com/.
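An added example, not part of the original post: the ownership check from the question in plain Ruby, next to a variant that parses the request id strictly before comparing. It assumes the login code stored an Integer (for example `session[:user_id] = user.id`) while `params[:id]` arrives as a String; the helper names and sample values are hypothetical.

```ruby
# Added example. Plain hashes stand in for the Rails session and params.
# Assumption: session[:user_id] holds an Integer, params[:id] a String.

# The comparison as posted: Integer == String is always false in Ruby,
# so the check refuses everyone, including the profile's owner.
def owner_as_posted?(session, params)
  session[:user_id] == params[:id]
end

# Accept only a canonical positive decimal id. \A and \z anchor the whole
# string ("7\n8" is rejected); String#to_i alone would turn "7abc" into 7
# and "" or nil.to_i into 0.
def requested_id(params)
  raw = params[:id]
  return nil unless raw.is_a?(String) && raw.match?(/\A[1-9]\d*\z/)
  raw.to_i
end

# Allow the edit only when someone is logged in and the parsed request id
# equals the id held in the session. Anything else is denied.
def owner?(session, params)
  current = session[:user_id]
  return false unless current.is_a?(Integer)
  requested_id(params) == current
end

# Constructed sample data: user 7 is logged in and requests various ids.
SESSION = { user_id: 7 }.freeze
SAMPLES = ["7", "8", "7abc", "", nil, "7\n8"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |raw|
    params = { id: raw }
    puts format("%-8s as_posted=%-5s strict=%s",
                raw.inspect,
                owner_as_posted?(SESSION, params),
                owner?(SESSION, params))
  end
end
```
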