Managing user accounts and data records


#1

Hi,
I am looking for a simple way to implement a form of “data ownership”
in a Rails application. Basically, I’d like for users / accounts to
only be able to view or operate on model data that they have created
themselves and to not have any sort of awareness of the data created
by other users / accounts.

My initial thought is that I will need something like account_id on
all of the models and each request will check that the searched for
model id is owned by the currently authenticated account. Has anyone
done anything like this and is there a simpler way?

Thanks


#2

Google model scoping.

Basically you get:

For ‘dogs’ list your list action

You have a before filter to authorize and set the logged in user then:

logged_in_user.dogs

The show action has:

logged_in_user.dogs.find(params[:id])

That way people can’t look up the wrong records

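The scoping pattern from reply #2, as an added example that is not part of the original thread. It uses a plain-Ruby stand-in for ActiveRecord so it runs without Rails; `OwnedDogs`, `show_unscoped`, `show_scoped`, `show_action` and the sample rows are hypothetical names and constructed data.

```ruby
# Plain-Ruby stand-in for ActiveRecord (assumption: no Rails or database loaded).
class RecordNotFound < StandardError; end

Dog = Struct.new(:id, :user_id, :name)

# Constructed sample data: user 10 owns two dogs, user 20 owns one.
DOGS = [Dog.new(1, 10, "Rex"), Dog.new(2, 10, "Fido"), Dog.new(3, 20, "Bella")].freeze

# Mimics the relation returned by `user.dogs`: rows are filtered by owner first.
class OwnedDogs
  def initialize(user_id)
    @rows = DOGS.select { |d| d.user_id == user_id }
  end

  def to_a
    @rows.dup
  end

  # Like ActiveRecord's find, raises when the id is not inside this scope, so
  # another user's record looks exactly like a record that does not exist.
  def find(id)
    wanted = Integer(id)
    @rows.find { |d| d.id == wanted } || raise(RecordNotFound, "no Dog with id=#{id}")
  end
end

User = Struct.new(:id) do
  def dogs
    OwnedDogs.new(id)
  end
end

# Unscoped lookup (the pattern to avoid): returns the row whoever owns it.
def show_unscoped(_logged_in_user, params)
  DOGS.find { |d| d.id == Integer(params[:id]) } || raise(RecordNotFound)
end

# Scoped lookup from the reply: logged_in_user.dogs.find(params[:id])
def show_scoped(logged_in_user, params)
  logged_in_user.dogs.find(params[:id])
end

# Controller-style wrapper (hypothetical): out-of-scope and malformed ids both give 404.
def show_action(logged_in_user, params)
  [200, show_scoped(logged_in_user, params).name]
rescue RecordNotFound, ArgumentError, TypeError
  [404, "Not Found"]
end
```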