Validate Object Ownership (user_id) in model, or in controller?

Astorian · December 10, 2007, 6:33pm

Quick best practices question ...

I have a number of models with a user_id attribute

I am using the acts_as_authenticated plugin which lets you use something like current_user to extract the current user from the session. I have used this in my controllers successfully.

Would it be "wrong" to use this as a model validation? How would I make this accessible to the model? I can't seem to get it to work from within a model.

I'd like to write something that checks every model update, and verifies ownership (previous owner is current owner)

Thanks in advance for your help

Charles · December 10, 2007, 8:41pm

current_user is provided by acts_as_authenticated through the following method:

def current_user @current_user ||= (session[:user] && User.find_by_id(session[:user])) || :false end

Because of the sessions usage, I don't think you want to use model validation.

In the controllers you can do current_user.widgets.find() (instead of just Widget.find() ) which will only bring up authenticated items,

thanks, C.

Topic		Replies	Views
current_user rubyonrails-talk	0	108	September 23, 2006
Resyful authenticatio current_user in model rubyonrails-talk	3	179	September 16, 2010
acts_as_authenticated current_user in a model? rubyonrails-talk	4	130	January 24, 2007
getting session/controller objects available in a Model ??? rubyonrails-talk	13	224	September 8, 2006
Accessing controllers from models rubyonrails-talk	0	81	September 1, 2007

Validate Object Ownership (user_id) in model, or in controller?

Related topics

More Resources