I have an application used by several organizations and I want to check that users of one domain (a.domain.com) cannot edit users of another domain (b.domain.com). My question is where to put the logic, in a before filter or in the view?
View:
<% if @user.websites.detect { |website| website.url == request.host } %>
  <%= render :partial => 'form' %>
<% else %>
  <%= render :partial => 'no_access' %>
<% end %>
Or, in the controller:
before_filter :verify_editable_user, :only => [:edit, :update, :delete]

protected

def verify_editable_user
  @user = User.find(params[:id], :include => :websites)
  unless @user.websites.detect { |website| website.url == request.host }
    render :partial => 'no_access'  # rendering in a before_filter halts the action
  end
end
In this scenario, the first version feels cleaner to me. However, the second seems more along the MVC scenario. What do you think? Am I way off base? Thanks in advance.
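An added example, not the question's code and not Rails itself: a plain-Ruby model of both approaches (User, Website, the sample users and the two update functions are stand-ins) showing that a check placed only in the view leaves the update action unguarded, while the filter-style check in the controller stops the write.

```ruby
# Stand-ins for the Rails models; Rails is not needed to run this.
Website = Struct.new(:url)
User    = Struct.new(:id, :name, :websites)

# Constructed sample data: user 1 belongs to a.domain.com, user 2 to b.domain.com.
def sample_users
  {
    1 => User.new(1, "alice", [Website.new("a.domain.com")]),
    2 => User.new(2, "bob",   [Website.new("b.domain.com")]),
  }
end

# The authorization check itself: may a request arriving at `host` touch `user`?
def editable_from?(user, host)
  !user.websites.detect { |website| website.url == host }.nil?
end

# Approach 1 (view only): the check decides which partial is rendered,
# but the update action itself still runs and persists the change.
def update_with_view_check(host, id, new_name, users = sample_users)
  user = users.fetch(id)
  rendered = editable_from?(user, host) ? :form : :no_access
  user.name = new_name            # nothing stopped the write
  [rendered, user.name]
end

# Approach 2 (before_filter style): the guard runs before the action and
# halts it when the check fails, so the record is never modified.
def update_with_filter(host, id, new_name, users = sample_users)
  user = users.fetch(id)
  return [:no_access, user.name] unless editable_from?(user, host)
  user.name = new_name
  [:updated, user.name]
end
```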