1) With nested routes, you are always still looking for the user - you
fetch it in the Journals controller and that's where you can evaluate
it. What you can do is fetch the current_user unless the current_user
is an admin or whatever.
2) About the routes I'd like to know that... if you always fetch the
current_user it would be possible since you don't pass the user_id in
the URL anymore, but admins and such wouldn't be able to see another's
journal.
Ramon Tayag
Two things:
1) A has_many does not necessarily mean a nested resource _in your
interface_. You can simply configure

    map.resources :journals
    map.resources :measurements

2) Access control is implemented via AR finders. In this case you'd do
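
    def index
      # Only the signed-in user's journals are ever listed.
      @journals = current_user.journals
    end

    # before filter
    def find_journal
      # Scoped lookup: an id owned by someone else raises RecordNotFound.
      @journal = current_user.journals.find(params[:id])
    rescue ActiveRecord::RecordNotFound
      redirect_to journals_url
    end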
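
The scoped-finder approach from the reply above, combined with the admin exception raised in the first message, as an added example that is not part of the original thread. It is a plain-Ruby stand-in for ActiveRecord so it runs without Rails; `RecordNotFound`, `find_unscoped`, `journals_for`, `find_scoped`, `show` and the `admin` attribute are hypothetical names, and the journal data is constructed.

```ruby
# Stand-in for ActiveRecord::RecordNotFound (hypothetical, so this runs without Rails).
class RecordNotFound < StandardError; end

User    = Struct.new(:id, :admin)
Journal = Struct.new(:id, :user_id, :title)

# Constructed sample data: journals 1 and 2 belong to user 10, journal 3 to user 20.
JOURNALS = [
  Journal.new(1, 10, "alice, week 1"),
  Journal.new(2, 10, "alice, week 2"),
  Journal.new(3, 20, "bob, week 1")
].freeze

# Unscoped lookup, the equivalent of Journal.find(params[:id]).
# Any id that exists is returned, whoever is asking.
def find_unscoped(id)
  JOURNALS.find { |j| j.id == id.to_i } || raise(RecordNotFound)
end

# The set of journals a user may see. Admins see everything;
# everyone else sees only their own rows.
def journals_for(user)
  return JOURNALS if user.admin
  JOURNALS.select { |j| j.user_id == user.id }
end

# Scoped lookup, the equivalent of current_user.journals.find(params[:id]).
# The ownership check is part of the query, so it cannot be forgotten.
def find_scoped(user, id)
  journals_for(user).find { |j| j.id == id.to_i } || raise(RecordNotFound)
end

# Controller-style wrapper: a journal owned by someone else and a journal
# that does not exist produce the same response, so ids cannot be probed.
def show(user, params)
  [:ok, find_scoped(user, params[:id]).title]
rescue RecordNotFound
  [:redirect, "/journals"]
end
```

Because the admin branch lives in `journals_for`, the controller action is identical for both roles and `user_id` never has to appear in the URL.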