# Not Good
# Unscoped lookup: `Orders.find` resolves whatever id arrives in
# `params[:id]`, with no relation to the user making the request. Any
# authenticated caller who supplies another user's order id gets that
# order back (a broken object-level authorization / insecure direct object
# reference). The correct form scopes the query through the current user's
# association (see the "Good" example below).
# NOTE(review): Rails model constants are conventionally singular (`Order`);
# `Orders` may be a typo in the example — confirm.
def show
@order = Orders.find(params[:id])
end
# Good:
# @user is the currently logged-in user.
# Scoped lookup: the order is fetched through `@user.orders`, so an id taken
# from the request can only resolve to an order the current user owns.
# An id that does not belong to @user (or is missing) is not silently
# returned; `find` on the association raises ActiveRecord::RecordNotFound.
def show
  requested_id = params[:id]
  @order = @user.orders.find(requested_id)
end
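# Controller whose filter resolves the invoice (optional) and line item for
# the current request, always scoped through @user so an id supplied in the
# URL can only resolve to a record the logged-in user owns.
class LineItemsController < ApplicationController
  # NOTE(review): `before_filter` was renamed `before_action` in Rails 4 and
  # removed in Rails 5.1 — keep or rename depending on the target version.
  before_filter :setup
  # snip many lines
  protected

  # Sets @invoice and @line_item from params.
  #
  # - With a non-blank `invoice_id`, the invoice is looked up through
  #   @user.invoices and the line item through that invoice's line items.
  # - Without one, the line item is looked up directly through @user.line_items.
  # In both branches an id that is not the user's own raises
  # ActiveRecord::RecordNotFound instead of returning someone else's record.
  # NOTE(review): @user is assigned elsewhere (presumably by
  # ApplicationController) — confirm it is set before this filter runs.
  def setup
    invoice_id = params[:invoice_id]
    @invoice = @user.invoices.find(invoice_id) unless invoice_id.blank?
    # Fixed: the original read `@invoices.line_items` here; `@invoices` was
    # never assigned (nil), so every request carrying an invoice_id raised
    # NoMethodError instead of scoping the lookup to the found invoice.
    @line_item =
      if @invoice.blank?
        @user.line_items.find(params[:id])
      else
        @invoice.line_items.find(params[:id])
      end
  end
end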