RE: Application Design

CampanoS_David · April 24, 2006, 6:55pm

Thanks everyone for the great responses! I really appreciate the great
feedback.

One more question. Let’s say that I only want the user that submitted
the order to be able to delete it. Right now I am tracking that user’s
id in session[:user_id] and there is a user_id column in the orders
table.
Is the best place to check if this user should be able to delete in the
controller or model? Right now I have created a ‘is_order_owner?’
method in the controller that I use in an If statement before executing
the delete. Is this the appropriate place to put the code, or should I
have it in the model?

CampanoS_David · April 24, 2006, 8:25pm

On Apr 24, 2006, at 9:52 AM, Campano, David wrote:

statement before executing the delete. Is this the appropriate
place to put the code, or should I have it in the model?

I’m assuming you’re using session[:user_id] to find
a user on logged in pages.

I’d put a method in Order like this:

def destroy_by_user(user)
if user.id == order.user.id
destroy
true
else
false
end
end

And in the controller I’d say;

if order.destroy_by_user(@logged_in_user)
# success
else
# failure
end

–
– Tom M.