Using before_filter to load owner objects

We're trying to secure our application and someone yesterday suggested
a good idea.

Say we have blogs that belog to users our models would be something

class User < ActiveRecord::Base
  has_many :blogs

class Blog <ActiveRecord::Base
  belongs_to :user

we already have an authentication system inplace and on top of that we
have been doing something like

@blog = Blog.find(:first, :conditions => ["user_id = ?",

but someone suggested using something like

before_filter {|cntrlr| cntrlr.user = User.find(session[:user_id]) }

in the controller so that we could make a call like

@blog = @user.blogs.find(:first)

(Actually they suggested that we place it in the application.rb but
not all of our objects have users.)

However, if we place it in the blog controller, like:

class NotebooksController < ApplicationController

  before_filter { |ctrl| crtl.user = User.find(session[:user_id]) }


we get the folowing error:

    undefined method `owner=' for NotebooksController:Class

I'm still a little new to this so I don't really understand what's
going on here or how to make it work (assuming that I can and the
person who suggested this isn't leading me up the path). I understand
that there isn't an 'owner=' function defined for the controller, but
shouldn't ther be one for the model, or am I completely lost?



Where are you calling '.owner'?

If you are trying to get the User of a specific Blog associations work like this:

User.find(:first).blogs # returns an Array of Blog

Blog.find(:first).user # returns the User that the Blog belongs to.

No, 'owner' method is created by using has_many/belongs_to.