Hi, I just have a “best practices” question. I’d like to block users
that don’t own a particular resource from performing edit/update/
destroy actions on it. Here’s how I currently do it:
User has many resources, of different types
------- resource_controller.rb -------
before_filter :require_ownership, :only => [:edit, :update, :destroy]
… public actions …
------- application.rb -------
resource.user_id == @current_user.id
… And I apply this before_filter in the controller of any resource
I’d like to restrict in a similar way. I’m new to Rails and MVC so
I’m just wondering whether this is the best way of accomplishing this,
or if a different method is recommended.
Thanks in advance!
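
The ownership filter described in the post above, as an added example that is not part of the original post: a plain-Ruby sketch that runs without Rails and shows the check denying non-owners, missing logins and unknown ids, while actions outside the `:only` list stay unchecked. `MiniController`, `dispatch`, `User`, `Resource` and `STORE` are hypothetical stand-ins for the Rails filter chain and the models.

```ruby
# Plain-Ruby stand-in for the Rails filter chain (assumption: no Rails loaded;
# MiniController, dispatch, User, Resource and STORE are hypothetical names).
User     = Struct.new(:id)
Resource = Struct.new(:id, :user_id, :title)

# Constructed sample data: resource 1 belongs to user 10, resource 2 to user 20.
STORE = { 1 => Resource.new(1, 10, "alice's note"),
          2 => Resource.new(2, 20, "bob's note") }

class MiniController
  def self.filters; @filters ||= []; end

  def self.before_filter(name, only:)
    filters << [name, only]
  end

  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  # Runs every filter registered for the action; a falsy result halts with 403.
  def dispatch(action)
    self.class.filters.each do |name, only|
      next unless only.include?(action)
      return [403, "forbidden"] unless send(name)
    end
    [200, send(action)]
  end
end

class ResourceController < MiniController
  before_filter :require_ownership, only: [:edit, :update, :destroy]

  def show;    resource.title; end
  def edit;    "editing #{resource.title}"; end
  def update;  resource.title = @params[:title]; end
  def destroy; STORE.delete(resource.id).title; end

  private

  def resource
    @resource ||= STORE[@params[:id]]
  end

  # Deny by default: no login or unknown id fails the check rather than raising.
  def require_ownership
    !@current_user.nil? && !resource.nil? && resource.user_id == @current_user.id
  end
end
```

Any state-changing action added to the controller later has to be added to the `:only` list as well, otherwise it runs without the ownership check, as `show` does here.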