Say I have Users. A user can login and create e.g. Houses…and Houses
can contain People …etc.
How do I prevent another logged in user from accessing another user’s
House (e.g. http://test.com/houses/1 -> where id=1 doesn’t belong to
this user but to another user).
Would People also need to have a user_id field so I can check if the
request was done by the correct user?