We currently use the session to keep track of which client is being worked on, but think our new rest interface should be stateless.

Should I be redesigning our existing stuff to include client_id in URLs where necessary? Or even go a bit further, and include client_id in every resource, even when not necessary, to keep erroneous implementations from messing with the wrong tenant..?

(We do have an auth layer, but accounts will have access to multiple tenants.)

_____

Not very elegant code sample:

    # GET /customers
    # GET /customers.xml
    def index
      client_id = nil
      respond_to do |format|
        format.html { client_id = current_client.id }
        format.xml  { client_id = params[:client_id] }
      end

      @customers = Customer.find(:all, :include => [:account], :conditions => ["client_id = ?", client_id])

      respond_to do |format|
        format.html # index.rhtml
        format.xml  { render :xml => @customers.to_xml(:include => [:account]) }
      end
    end

Thanks,
Isak
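
An added example, not part of the original post: when the tenant comes from the URL or params instead of the session, the client_id is untrusted input and has to be checked against the tenants granted to the authenticated account before any query runs. This is plain Ruby without Rails; `Account#client_ids`, `resolve_client_id`, `TenantScope` and the sample rows are hypothetical names and constructed data.

```ruby
require "set"

# Added example: all names and data below are hypothetical/constructed.
class TenantAccessDenied < StandardError; end

Account  = Struct.new(:id, :client_ids)        # client_ids: tenants the account may use
Customer = Struct.new(:id, :client_id, :name)

# Constructed rows standing in for the customers table.
CUSTOMERS = [
  Customer.new(1, 10, "Acme"),
  Customer.new(2, 10, "Globex"),
  Customer.new(3, 20, "Initech"),
  Customer.new(4, 30, "Umbrella")
].freeze

# Validate the client_id taken from the URL or params for ONE request.
# It is untrusted input: it must be a plain positive integer and must be
# one of the tenants granted to the authenticated account.
def resolve_client_id(account, raw_client_id)
  raw = raw_client_id.to_s
  unless raw.match?(/\A[1-9]\d{0,17}\z/)
    raise TenantAccessDenied, "missing or malformed client_id"
  end
  id = raw.to_i
  # Same error whether the tenant is unknown or merely not granted, so the
  # response does not reveal which client ids exist.
  raise TenantAccessDenied, "client not accessible" unless account.client_ids.include?(id)
  id
end

# All reads go through a scope bound to the resolved tenant, so a handler
# cannot forget the client_id condition or mix rows from two tenants.
class TenantScope
  attr_reader :client_id

  def initialize(account, raw_client_id)
    @client_id = resolve_client_id(account, raw_client_id)
  end

  def customers
    CUSTOMERS.select { |c| c.client_id == client_id }
  end

  # Lookup by id stays inside the tenant named in the URL, even when the
  # account could reach the row through another of its tenants.
  def customer(id)
    customers.find { |c| c.id == id } ||
      raise(TenantAccessDenied, "customer not in this client")
  end
end
```

In a Rails controller the same check would sit in a before filter that builds the scope from the authenticated account and `params[:client_id]`, with the HTML and XML formats sharing it.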