I have a model containing user records and I want each user to only be able to edit his own data. I am storing the user_id in a session table. I was hoping to be able to use validate_on_update that would compare the POSTed id with that stored in the session table, so I wrote (in the model/user.rb file):
def validate_on_update if session[:user_id] != id errors.add("You are not allowed to edit this record.") end end end
When I do an update I get "undefined local variable or method `session' for #"
What concept am I not getting here?
Thanks