Should I use global variables here?

This is a common situation and I was wondering what the professional way
to handle this would be:

I am going to create an example here, this example is just to help you
grasp the concept.

You have 3 models:
Users
Orders
Returns

Users has many orders and orders has many returns. A user goes to create
a return, I want to validate that the return is assigned to an order
that belongs to that user. Because when he goes to create the return he
has to select which order it is for. He could easily send me any order
id he wants.

I realize you could validate this in the controller, but this isn’t
where the validation belongs in my opinion. So I thought that it might
not be a bad idea to create a class called Globals or something and then
I could pass their user object to it. Now the models have access to this
user object and the validation can be in the model instead of the
controller.

What do you think is the best solution here? Because the last thing I
want to happen is to allow users to start creating returns for other
users.

Thanks for your help.

In the controller, do something like:

@order = current_user.orders.find(params[:id])
@return = @order.returns.create(params[:return])

The first line will only find the order if it belongs to the current
user.

-Jonathan.
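
The scoped lookup from the reply above, as an added example that is not part of the original thread. It uses plain-Ruby stand-ins for the ActiveRecord models (OrderScope, ORDERS, create_return_unscoped and create_return_scoped are hypothetical names, and the data is constructed) to show an unscoped lookup beside the association-scoped one.

```ruby
# Stand-in for ActiveRecord::RecordNotFound, which a scoped find raises on a miss.
class RecordNotFound < StandardError; end

Order  = Struct.new(:id, :user_id, :returns)
Return = Struct.new(:order_id, :reason)

# Constructed sample data: order 1 belongs to user 10, order 2 to user 20.
ORDERS = [Order.new(1, 10, []), Order.new(2, 20, [])].freeze

# Mimics the relation returned by user.orders: every lookup is limited
# to rows whose user_id matches the owning user.
class OrderScope
  def initialize(user_id)
    @user_id = user_id
  end

  def find(id)
    ORDERS.find { |o| o.id.to_s == id.to_s && o.user_id == @user_id } ||
      raise(RecordNotFound, "no order #{id.inspect} for user #{@user_id}")
  end
end

User = Struct.new(:id) do
  def orders
    OrderScope.new(id)
  end
end

# Unscoped: trusts the client-supplied order id, so any user can attach
# a return to any order (the situation described in the question).
def create_return_unscoped(params)
  order = ORDERS.find { |o| o.id.to_s == params[:id].to_s } ||
          raise(RecordNotFound, "no order #{params[:id].inspect}")
  Return.new(order.id, params[:return][:reason]).tap { |r| order.returns << r }
end

# Scoped: same shape as current_user.orders.find(params[:id]); an order
# owned by someone else is indistinguishable from a missing one.
def create_return_scoped(current_user, params)
  order = current_user.orders.find(params[:id])
  Return.new(order.id, params[:return][:reason]).tap { |r| order.returns << r }
end
```

Because ownership is enforced by the query itself, neither the controller nor the model needs a separate ownership validation or a global holding the current user.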