Cleaning up some security checking code

Hi,

Does anyone have any thoughts on a cleaner way to achieve the
following in a controller ...

def show
    if current_user.can_access_organisation(params[:id])
      @organisation = Organisation.find(params[:id])
    end
    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml => @organisation }
    end
end

As you can see, I am testing to make sure the current user is able to
access an organisation; however, the site breaks when the test is
broken, which doesn't look very nice.

Any ideas much appreciated.

Richie.

You only set @organisation to a value if the user can access the
organisation, so sometimes @organisation is nil and you'll have an
error when trying to access it.

Try something like this to make sure you don't try to access a nil
value.

def show
  if current_user.can_access_organisation(params[:id])
    @organisation = Organisation.find(params[:id])
    respond_to do |format|
      format.html # show.html.erb
      format.xml { render :xml => @organisation }
    end
  else
    # User is not allowed to see this organisation: redirect_to, or render
    # an error of some sort (the redirect target here is a placeholder).
    respond_to do |format|
      format.html do
        flash[:error] = "You do not have access to that organisation"
        redirect_to organisations_path
      end
      format.xml { head :forbidden }
    end
  end
end
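The same idea carried one step further, as an added example that is not code from the thread: instead of checking access and then doing an unscoped Organisation.find, look the record up through the user's own memberships (in Rails this is the standard current_user.organisations.find(params[:id]) idiom), so an id the user may not see never reaches the view as nil. The plain-Ruby Organisation, User and show below are hypothetical stand-ins for the Rails models and controller so the example runs without Rails; the data is constructed.

```ruby
require 'set'
require 'erb'

Organisation = Struct.new(:id, :name)

# Constructed sample data standing in for the organisations table.
ORGANISATIONS = {
  1 => Organisation.new(1, 'Acme'),
  2 => Organisation.new(2, 'Globex')
}.freeze

class User
  def initialize(organisation_ids)
    @organisation_ids = Set.new(organisation_ids)
  end

  # Scoped lookup: equivalent of current_user.organisations.find(id) in Rails.
  # Returns nil both when the id is unknown and when it belongs to someone else.
  def accessible_organisation(id)
    return nil unless @organisation_ids.include?(id)
    ORGANISATIONS[id]
  end
end

# Stand-in for the controller's show action. Returns a hash in place of an
# HTTP response so the outcome can be checked directly.
def show(current_user, params)
  organisation = current_user.accessible_organisation(params[:id].to_i)
  if organisation.nil?
    # One response for "does not exist" and "not yours", so the error
    # does not reveal which ids are valid.
    return { status: 404, body: 'Not found' }
  end
  case params[:format]
  when 'xml'
    name = ERB::Util.html_escape(organisation.name) # escape before embedding
    { status: 200,
      body: "<organisation><id>#{organisation.id}</id><name>#{name}</name></organisation>" }
  else
    { status: 200, body: "show.html.erb for #{organisation.name}" }
  end
end
```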