In the controller, do something like:
@order = current_user.orders.find(params[:id])
@return = @order.returns.create(params[:return])
The first line will only find the order if it belongs to the current user.
-Jonathan.
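
The difference between the scoped lookup suggested above and an unscoped Order.find, as an added example that is not part of the original post. It uses plain-Ruby stand-ins instead of ActiveRecord so it runs without Rails; RecordNotFound, OrderScope, create_return, the 404 handling and the sample rows are assumptions made up for the illustration.

```ruby
# Added illustration: plain-Ruby stand-ins for ActiveRecord models.
class RecordNotFound < StandardError; end # stands in for ActiveRecord::RecordNotFound

Order = Struct.new(:id, :user_id, :returns)

ORDERS = [ # constructed sample rows: order 1 belongs to user 10, order 2 to user 20
  Order.new(1, 10, []),
  Order.new(2, 20, [])
]

# Like Order.find(params[:id]): any id that exists is returned, whoever asks.
def find_order_unscoped(id)
  ORDERS.find { |o| o.id == Integer(id) } or raise RecordNotFound, "Order #{id}"
end

# Like current_user.orders: the owner filter is part of every lookup.
class OrderScope
  def initialize(user_id)
    @user_id = user_id
  end

  def find(id)
    ORDERS.find { |o| o.id == Integer(id) && o.user_id == @user_id } or
      raise RecordNotFound, "Order #{id}"
  end
end

User = Struct.new(:id) do
  def orders
    OrderScope.new(id)
  end
end

# Controller action sketch: returns [status, body]. Another user's order id
# behaves exactly like an id that does not exist.
def create_return(current_user, params)
  order = current_user.orders.find(params[:id])
  order.returns << params[:return]
  [201, order.returns.last]
rescue RecordNotFound
  [404, nil]
end
```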