How to prevent users from looking at other user's data

Say I have Users. A user can login and create e.g. Houses..and Houses can contain People ..etc.

How do I prevent another logged in user from accessing another user's House (e.g. -> where id=1 doesn't belong to this user but to another user).

Would People also need to have a user_id field so I can check if the request was done by the correct user?

Thanks! I didn't know that something like current_user.houses.people.find_by_id(param[:id]) would work :slight_smile: