Forum: Ruby on Rails RE: Application Design

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Campano, David (Guest)
on 2006-04-24 20:55
(Received via mailing list)
Thanks everyone for the great responses!  I really appreciate the great
feedback.

One more question.  Let's say that I only want the user that submitted
the order to be able to delete it.  Right now I am tracking that user's
id in session[:user_id] and there is a user_id column in the orders
table.
Is the best place to check if this user should be able to delete in the
controller or model?  Right now I have created a 'is_order_owner?'
method in the controller that I use in an If statement before executing
the delete.  Is this the appropriate place to put the code, or should I
have it in the model?
Tom M. (Guest)
on 2006-04-24 22:25
(Received via mailing list)
On Apr 24, 2006, at 9:52 AM, Campano, David wrote:

> statement before executing the delete.  Is this the appropriate
> place to put the code, or should I have it in the model?

I'm assuming you're using session[:user_id] to find
a user on logged in pages.

I'd put a method in Order like this:

   def destroy_by_user(user)
     if user.id == order.user.id
       destroy
       true
     else
       false
     end
   end

And in the controller I'd say;

   if order.destroy_by_user(@logged_in_user)
     # success
   else
     # failure
   end

--
-- Tom M.
This topic is locked and can not be replied to.