I want to make my controller only show records for view, edit and
destroy that belong to their owner (the user who created it).
My question - My first guess would be to perhaps create a filter for
the "show" action. Thus presenting the user with only their own
records. Does this make sense? And is it possible for a hacker to
send a request like '7;edit' (when 7 doesn't belong to them)? So
perhaps I need to code all the actions for the right user?
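
The concern raised in the post, an ownership check on "show" only versus one on every action that takes a record id, as an added example that is not part of the original post. It is plain Ruby without Rails; the class names, the `dispatch` method and the records are hypothetical and constructed for illustration.

```ruby
# Added example in plain Ruby (no Rails); every name here is hypothetical.
Record = Struct.new(:id, :owner_id, :title)
class NotFound < StandardError; end

# Constructed sample data: record 7 belongs to user 2, not user 1.
STORE = {
  5 => Record.new(5, 1, "note owned by user 1"),
  7 => Record.new(7, 2, "note owned by user 2")
}

# Weak: ownership is checked for :show only, as in the "first guess".
class ShowOnlyController
  def initialize(current_user_id)
    @current_user_id = current_user_id
  end

  def dispatch(action, id)
    record = STORE.fetch(id) { raise NotFound }
    raise NotFound if action == :show && record.owner_id != @current_user_id
    perform(action, record)
  end

  private

  def perform(action, record)
    STORE.delete(record.id) if action == :destroy
    [action, record.id]
  end
end

# Hardened: every member action loads the record through an owner-scoped lookup.
class ScopedController < ShowOnlyController
  MEMBER_ACTIONS = %i[show edit update destroy].freeze

  def dispatch(action, id)
    raise ArgumentError, "unknown action" unless MEMBER_ACTIONS.include?(action)
    record = STORE.values.find { |r| r.id == id && r.owner_id == @current_user_id }
    raise NotFound unless record # same answer for "missing" and "not yours"
    perform(action, record)
  end
end
```

In a Rails controller the same scoping is usually written as a lookup through the user's own association, for example `current_user.records.find(params[:id])` in a filter that runs before every member action; the `records` association name is an assumption here.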