I’m creating a registration page where parents register their children
for an event. I have each parent give me a username and password to
login and register their children. Parents also have the ability to
come back and edit their children’s information. However, if I log in
as a parent to edit my child’s information, I can type another parent’s
child’s id into the URL to edit that child.
For instance, say I log into the system and view my children, and the
link to this is: …/children/edit/1, where 1 is the id of my child. I
can go up to the URL and type in …/children/edit/2, and edit the
information of a child other than my own. Is there any simple way to
stop this and allow parents to edit ONLY their assocaited children?
My aplogies if this is a simple question; I’m new to web development and
Ruby on Rails. But if anyone has a solution or can point me to a
resource that can answer my question, I’d greatly appreciate it.