This is my route:

scope ":username" do
  resources :feedbacks
end

So when I go to mydomain.com/test/feedbacks/10 it shows the correct feedback with id=10 that belongs to username=test.

But, if I go to mydomain.com/test2/feedbacks/10 it shows me the same feedback with id=10, which does NOT belong to username=test2.

How do I restrict this from happening?

I am using the Vanity gem to give me the username in the URL, this is what that route looks like:

controller :vanities do 
    match ':vname' => :show, :via => :get, :constraints => {:vname => /[A-Za-z0-9\-\+\@]+/}
  end

Edit 1:

That is to say, for clarity’s sake, when I go to mydomain.com/test/feedbacks/10 and /test2/feedbacks/10, it shows me the same view for the same record (in which case, the latter version would be wrong because it should be telling me that no such record exists, but it’s not. It is just displaying the correct record for test/feedbacks/10).

Edit 2:

Here are the logs of both requests:

The right request

Started GET "/test-3/feedbacks/7" for 127.0.0.1 at 2011-09-14 02:48:15 -0500
  Processing by FeedbacksController#show as HTML
  Parameters: {"username"=>"test-3", "id"=>"7"}
  Feedback Load (0.5ms)  SELECT "feedbacks".* FROM "feedbacks" WHERE "feedbacks"."id" = ? LIMIT 1  [["id", "7"]]
  User Load (0.5ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Rendered feedbacks/show.html.erb within layouts/application (36.2ms)
Completed 200 OK in 188ms (Views: 184.3ms | ActiveRecord: 1.8ms)

The wrong request

Started GET "/test2/feedbacks/7" for 127.0.0.1 at 2011-09-14 02:48:28 -0500
  Processing by FeedbacksController#show as HTML
  Parameters: {"username"=>"test2", "id"=>"7"}
  Feedback Load (0.1ms)  SELECT "feedbacks".* FROM "feedbacks" WHERE "feedbacks"."id" = ? LIMIT 1  [["id", "7"]]
  User Load (0.2ms)  SELECT "users".* FROM "users" WHERE "users"."id" = 3 LIMIT 1
Rendered feedbacks/show.html.erb within layouts/application (37.6ms)
Completed 200 OK in 50ms (Views: 47.5ms | ActiveRecord: 1.2ms)