I can see someone elses todos!!!

[toreserter]

For example i have a 2 users and every user has one todo and one tag for this todos User1 id =1 Todo1 id =1 Tag id =1 User2 id =2 Todo2 id =2 Tag id =2 I logged in as User1 and i entered http://localhost:3000/tags/2 to browser. I can see Todos related with that tag and i can see Todo2. This is an important bug!

[xaph]

@enderahmetyurt thanks for fix but I think we need to refactor tags controller. I didn't added a user filter to the tags#show action. I'm reopening it and assigning to myself

[xaph]

@enderahmetyurt cancan fixes my case :) my fault

[enderahmetyurt]

I refactored tag controller with beforefilter etc but it needs more.