Query Scoping.md

# Not Good
def show
  @order = Orders.find(params[:id])
end

# Good:
#@user is the logged on user.
def show
  @order = @user.orders.find(params[:id])
end

class LineItemsController < ApplicationController
  before_filter :setup

  #snip many lines

  protected

  def setup
    @invoice = @user.invoices.find(params[:invoice_id]) unless params[:invoice_id].blank?
    @line_item = @invoice.blank? ? @user.line_items.find(params[:id]) : @invoices.line_items.find(params[:id])
  end
end