Home/ Questions/Q 6318095
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T15:36:06+00:00

I have run into an issue regarding how to identify which user owns particular

  • 0

I have run into an issue regarding how to identify which user owns particular resources so that I can prevent inappropriate access to them.

I have the following nested associations:

User has many
Profiles has one
SamplePage has many
Subjects

Once they become nested this deep it’s become very unwieldy to access the user object via the associations and then compare that to current user e.g.:

@subject.sample_page.profile.user == current_user

I’ve read that a better way of restricting access is to scope the retrieval of a model to the current user. e.g:

@profile = current_user.profiles.find(params[:id])

That makes a lot of sense to me but how would I do a similar thing to get a Subject back? I’ve not found any examples that used nested associations.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    not sure to understand what you want to do, and not sure i can help you since i’m a huge noob, but i would try something like this (assumed that current_user returns a User):

    class Profile < ActiveRecord::Base
  has_many :subjects, :through => :sample_pages
end

    and in your controller:

    @subject = current_user.profiles.subjects.find(params[:id])

    more handy this way:

    class User < ActiveRecord::Base
  def subjects
    profiles.subjects
  end
end

@subject = current_user.subjects.find(params[:id])

    all of this should be lazy loaded, as explained here : http://asciicasts.com/episodes/202-active-record-queries-in-rails-3

    however, if it is a frequent operation, you may want to redesign things a bit, as long chains of associations mean heavy queries (lots of joins).

    • 0