Thanks everyone for the great responses! I really appreciate the great feedback. One more question. Let's say that I only want the user that submitted the order to be able to delete it. Right now I am tracking that user's id in session[:user_id] and there is a user_id column in the orders table. Is the best place to check if this user should be able to delete in the controller or model? Right now I have created a 'is_order_owner?' method in the controller that I use in an If statement before executing the delete. Is this the appropriate place to put the code, or should I have it in the model?
on 2006-04-24 18:55
on 2006-04-24 20:25
On Apr 24, 2006, at 9:52 AM, Campano, David wrote: > statement before executing the delete. Is this the appropriate > place to put the code, or should I have it in the model? I'm assuming you're using session[:user_id] to find a user on logged in pages. I'd put a method in Order like this: def destroy_by_user(user) if user.id == order.user.id destroy true else false end end And in the controller I'd say; if order.destroy_by_user(@logged_in_user) # success else # failure end -- -- Tom Mornini