Nested Routes and Consistent IDs / Security

What is the standard method of ensuring that the IDs in a nested route
are consistent with one another?

Suppose my RESTful rails app uses the following route:


A GET request to this route will trigger the 'show' action for a
photo. Now, this action only needs the final id of 7 to render the
photo, which means that


will render the same photo from the same album. This is sloppy and
potentially insecure.

The most obvious solution would be to check that these IDs are
consistent in some kind of before_filter, and then redirect if they're

I'm just wondering if there's some standard, clever way of doing
this. A best practice, perhaps? How do developers handle this?


In your show method:

@photo = User.find(params[:user_id]).albums.find(params[:album_id]).photos.find(params[:id])