Suppose I have a classic blog application augmented with something like
restful authentication so that users must log in to create blog posts
issue comments on other blog posts.
I would like to give a user the option of deleting blog posts, but only
those that (s)he has created.
Do I put that logic in my Post model or in the controller? Or does it
the User model? Or should it go (somehow) in the session controller? In
principal, the Post model only knows about users to the extent that it
belongs_to :user. It doesn’t have any notion of who is currently logged
– that’s the business of the session controller. But the user views
the posts through the #index view of the session controller – it seems
logical to add a “Delete” link/icon next to the current user’s posts in
I am curious to learn what other folks have done, and what your opinions
on this issue.
Thanks for giving me the opportunity to ask