I am looking for a simple way to implement a form of “data ownership”
in a Rails application. Basically, I’d like for users / accounts to
only be able to view or operate on model data that they have created
themselves and to not have any sort of awareness of the data created
by other users / accounts.
My initial thought is that I will need something like account_id on
all of the models and each request will check that the searched for
model id is owned by the currently authenticated account. Has anyone
done anything like this and is there a simpler way?