[Rails] Re: Rails 3, help controlling access to a record based on the user id
Thanks all, this ended up working which I believe scopes correctly...
Thoughts?
@note = current_user.notes.find(params[:id])
On Sep 6, 3:04 am, Frederick Cheung <frederick.che...@gmail.com>
wrote:
> On Sep 6, 4:38 am, nobosh <bhellm...@gmail.com> wrote:
>
> > def correct_user
> > #@note = Note.find(params[:id])
> > #@note_userid = @note.user_id
> > @note = @user ? @user.notes.find(params[:id]) : nil
> > @current_userid = current_user.id
> > redirect_to(root_path) unless @current_userid == @note_userid
>
> You don't seem to be setting @note_userid anywhere. The check is
> redundant though - doing @user.notes.find(...) ensures that the
> returned note (or notes) have a user_id that is @user.id. You
> obviously need to set @user to something first (or if current_user is
> set appropriately by your authentication stuff then you could do
> current_user.notes.find(...)).
>
> Fred
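Added example, not part of the original thread: a plain-Ruby stand-in for the pattern discussed above (no ActiveRecord; every class, method and data value below is constructed for illustration). It shows why a lookup made through the owner's association, as in current_user.notes.find(params[:id]), enforces ownership, while an unscoped Note.find(params[:id]) does not.

```ruby
# Plain-Ruby model of association scoping; names are assumptions, not Rails code.
class RecordNotFound < StandardError; end

Note = Struct.new(:id, :user_id, :body)

# Mimics a relation: find(id) only searches the rows it was built with.
class NoteScope
  def initialize(rows)
    @rows = rows
  end

  def find(id)
    @rows.find { |n| n.id == id.to_i } or
      raise RecordNotFound, "Couldn't find Note with id=#{id}"
  end
end

class User
  attr_reader :id

  def initialize(id, all_notes)
    @id = id
    @all_notes = all_notes
  end

  # Like has_many :notes: the owner filter is part of the lookup itself.
  def notes
    NoteScope.new(@all_notes.select { |n| n.user_id == id })
  end
end

# Constructed sample data: note 2 belongs to user 20, not user 10.
NOTES = [Note.new(1, 10, "alice's note"), Note.new(2, 20, "bob's note")]
ALL_NOTES = NoteScope.new(NOTES) # stands in for the unscoped Note.find

# Simulated controller actions returning [status, body].
def show_unscoped(_current_user, params)
  [200, ALL_NOTES.find(params[:id]).body] # ignores who is asking
rescue RecordNotFound
  [404, nil]
end

def show_scoped(current_user, params)
  [200, current_user.notes.find(params[:id]).body] # owner check is in the query
rescue RecordNotFound
  [404, nil] # Rails renders RecordNotFound as a 404 in production
end
```

With the scoped lookup, a note owned by someone else is indistinguishable from a note that does not exist, so no separate user_id comparison is needed.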