what’s the best protection against someone trying to modify an URL in a
if the user enter another URL /users/26/posts, he can get acces to user
26 posts unless …
a before_filter is checking the current_user ID
but is there any other way to do it ?
thanks for your lights