I have a model containing user records and I want each user to only be
able to edit his own data. I am storing the user_id in a session table.
I was hoping to be able to use validate_on_update that would compare
the POSTed id with that stored in the session table, so I wrote (in the
if session[:user_id] != id
errors.add("You are not allowed to edit this record.")
When I do an update I get "undefined local variable or method `session'
What concept am I not getting here?