I have an app that has Basecamp-style subdomains, that is, I have Projects, Users, Apples and Oranges. The Users, Apples and Oranges are all keyed to a Project and only exist in the http://project.myapp.com. I added a project_id to Users, Apples and Oranges and everything works, except of course that the ids of those three objects increment globally, and throughout my app I look up objects by that id.
This doesn't seem like best practice. Should I instead do lookups by a secondary key? How does that affect efficiency? If there's a good blog post that covers this, would be awesome.
It is ok to have a global id (in the database). If possible, don't show those database ids, use friendly urls instead.
Anyways, you shouldn't trust your users: even if you have the id, check if the record is associated with the project.
In your controllers just scope everything to a Project, assuming a Project has_many :apples:

    class ApplesController < ApplicationController
      # Runs before every action (before_action in Rails 4 and later)
      before_filter :find_apple

      private

      def find_apple
        if current_user.is_admin?
          # Admins may load any apple by its global id
          @apple = Apple.find(params[:id])
        else
          # Scope to the current project/subdomain
          # Note the use of current_project
          # You need to exchange this with whatever you use to get the project object
          @apple = current_project.apples.find(params[:id])
          # find raises ActiveRecord::RecordNotFound when the apple is not in
          # this project; rescue it here if you want to redirect instead
        end
      end
    end
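The scoping check described in these answers, as an added example that is not part of the original posts: plain Ruby with an in-memory list standing in for ActiveRecord, showing that a globally incrementing id is harmless once the project is part of the lookup. All names (`find_scoped`, `show`, the `:acme`/`:globex` projects) are hypothetical and the data is constructed.

```ruby
# Added example: in-memory stand-in for ActiveRecord (hypothetical names).
class RecordNotFound < StandardError; end

Apple = Struct.new(:id, :project_id, :name)

# Constructed sample data: ids increment globally across projects.
APPLES = [
  Apple.new(1, :acme,   "Acme roadmap"),
  Apple.new(2, :globex, "Globex payroll"),
  Apple.new(3, :acme,   "Acme invoices"),
].freeze

# Unscoped lookup, like Apple.find(params[:id]): the id alone decides
# what is returned, so the caller's project is never checked.
def find_unscoped(id)
  APPLES.find { |a| a.id == Integer(id) } or raise RecordNotFound
end

# Scoped lookup, like current_project.apples.find(params[:id]): the project
# is part of the query, so another project's id behaves as if it did not exist.
def find_scoped(project_id, id)
  APPLES.find { |a| a.project_id == project_id && a.id == Integer(id) } or
    raise RecordNotFound
end

# Controller-style wrapper. "Missing", "belongs to another project" and
# "malformed id" all produce the same 404, so the response does not reveal
# which ids exist in other projects.
def show(project_id, raw_id, admin: false)
  apple = admin ? find_unscoped(raw_id) : find_scoped(project_id, raw_id)
  [200, apple.name]
rescue RecordNotFound, ArgumentError, TypeError
  [404, "Not found"]
end
```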