[Rails] protecting resources in an app
Hi chaps. Just want to check that I'm on the right lines with protecting
resources in an app, the idea that only the resource's owner can do stuff
to it.

I figure there are only two steps I need (with authlogic), but I may be
missing stuff.

1st is a check-authorised before filter, which just checks that a valid
user is logged in. That before filter is on all the actions that need
protecting.

The 2nd step is to change the default find method in the controller from
this type of thing:

    @thing = Thing.find(params[:id])

to this:

    @thing = current_user.things.find(params[:id])

Am I on the right lines?
--
Posted via http://www.ruby-forum.com/.
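
The two steps described in the post, as an added example that is not part of the original message: it contrasts the unscoped find with the owner-scoped find when a logged-in user asks for another user's record. It is plain Ruby; `Scope`, `User`, `ThingsController`, `outcome` and the sample data are constructed stand-ins for ActiveRecord and Authlogic, not their real classes.

```ruby
class RecordNotFound < StandardError; end
class NotLoggedIn < StandardError; end

Thing = Struct.new(:id, :user_id, :name)
# Constructed sample data: things 1 and 2 belong to user 10, thing 3 to user 20.
THINGS = [Thing.new(1, 10, "alice-a"), Thing.new(2, 10, "alice-b"),
          Thing.new(3, 20, "bob-a")].freeze

# Stand-in for a relation: find raises when the id is outside the scope.
class Scope
  def initialize(rows)
    @rows = rows
  end

  def find(id)
    @rows.find { |t| t.id == Integer(id) } or raise RecordNotFound, "Thing #{id}"
  end
end

User = Struct.new(:id) do
  def things # stand-in for has_many :things
    Scope.new(THINGS.select { |t| t.user_id == id })
  end
end

class ThingsController
  def initialize(current_user, params)
    @current_user = current_user
    @params = params
  end

  def require_user # step 1: only proves that somebody is logged in
    raise NotLoggedIn if @current_user.nil?
  end

  def show_unscoped # like Thing.find(params[:id]): any logged-in user, any id
    require_user
    Scope.new(THINGS).find(@params[:id])
  end

  def show_scoped # step 2: like current_user.things.find(params[:id])
    require_user
    @current_user.things.find(@params[:id])
  end
end

# Returns the thing's name, or a symbol describing why the request was refused.
def outcome(user, id, action)
  ThingsController.new(user, { id: id }).public_send(action).name
rescue RecordNotFound then :not_found
rescue NotLoggedIn then :login_required
end
```

With the login filter alone, user 20 can load thing 1; with the scoped find the same request fails as not found, which Rails turns into a 404 by default in production.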