I've got an app running that uses acts as attachment.
Works well and i've secured an admin area and an owners area.
Trouble is I now need to secure each action to ensure that people can't
just alter a url to edit another owners records. Any tips for doing
I have a concept of a logged in owner. @owner = current_owner.
Be grateful for any pointers, i'm looking for the simplest solution.