my question is maybe silly.... but it's already July 4th .. and I am tired..
until now I have been using in my tests the following routes (simplified version)
map.resources :academies do |academies| academies.resources :ecourses academies.resources :instructors academies.resources :trainees end
so I get the URL type : /academies/1/libraries from academy_libraries_path(current_user.academy)
the current_user being defined , and he is always logged into one academy when working ( current_user.academy)
I wonder is it possible to replace academy_id in the URL with a string 'CURRENT' ? and have :
/academies/CURRENT/libraries (then nobody could hack the academy)
or is it better to keep the REST URL type and perform a security check (permit ) in the controller ??
thanks