Dear rails user
I’ve just spent serveral hours getting to know the authentication
plugins like “act as authenticated”, “model based security” etc.
Now I’m wondering why none of the existing plugins use a model based
finder approach? My idea:
Overwrite the finder of each model to deliver only the allowed
records.
As I always use MyModel.find(all) or MyModel.find(4) etc. the model
MyModel would always be secured, no matter what I’d like to do… lets
say destroy or edit.
But because none of the other plugins use this idea, I’m quite
suspicious that I overlook a huge drawback.
Can anybody of you tell me what I miss? Thanks!
Best regards
Markus