Thanks everyone for the great responses! I really appreciate the great
feedback.
One more question. Let’s say that I only want the user that submitted
the order to be able to delete it. Right now I am tracking that user’s
id in session[:user_id] and there is a user_id column in the orders
table.
Is the best place to check if this user should be able to delete in the
controller or model? Right now I have created a ‘is_order_owner?’
method in the controller that I use in an If statement before executing
the delete. Is this the appropriate place to put the code, or should I
have it in the model?