How to prevent users from looking at other user's data

Gerwin · February 11, 2009, 8:04pm

Say I have Users. A user can login and create e.g. Houses..and Houses can contain People ..etc.

How do I prevent another logged in user from accessing another user's House (e.g. http://test.com/houses/1 -> where id=1 doesn't belong to this user but to another user).

Would People also need to have a user_id field so I can check if the request was done by the correct user?

Gerwin · February 12, 2009, 1:30am

Thanks! I didn't know that something like current_user.houses.people.find_by_id(param[:id]) would work

Topic		Replies	Views
How to restrict viewing/modifying other users data? rubyonrails-talk	4	147	September 25, 2008
How to have users who can only view his/her own stuff. rubyonrails-talk	7	172	June 26, 2008
User a owns resource x; don't let user b see user a's resources... rubyonrails-talk	3	124	January 14, 2010
newbie question - limiting record view rubyonrails-talk	6	108	September 5, 2009
what is the ruby way to check for permissions? rubyonrails-talk	5	214	December 1, 2007

How to prevent users from looking at other user's data

Related topics

More Resources