In a ColdBox app I have a protected area where users can edit/delete/modify records. I have two roles, admin and user. With the security interceptor I have created my rules to allow/disallow access to my handlers. However, I would like to let admins edit all records, but users should edit only their own records.
To solve this problem I have created a preHandler where I check which role is trying to edit the record, and if it's a user and the record he tries to edit is not his own, I redirect to an error page. Is this a good way to accomplish this?
Or is there a better solution?
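One way to implement the per-record ownership check described above inside a handler preHandler, as an added example that is not code from the original post or from ColdBox itself; the `securityService` and `recordService` names, their methods, and the `main.forbidden` event are assumptions:

```cfml
// Added example, not from the original post. Assumes a ColdBox handler "records"
// with actions edit/update/delete, a hypothetical securityService exposing
// getAuthUser() (returns a struct { id, role } or null), and a hypothetical
// recordService with getRecord(id) returning a struct containing ownerId (or null).
component extends="coldbox.system.EventHandler" {

    property name="securityService" inject="securityService";
    property name="recordService"   inject="recordService";

    // Only the actions that operate on an existing record need the ownership check.
    this.prehandler_only = "edit,update,delete";

    function preHandler( event, rc, prc, action, eventArguments ) {
        var user   = securityService.getAuthUser();
        var record = recordService.getRecord( event.getValue( "id", 0 ) );

        // Fail closed: an unknown record or an unauthenticated user is denied,
        // so a missing or tampered id can never fall through to the action.
        if ( isNull( user ) || isNull( record ) ) {
            return denyAccess( event );
        }

        // Admins may edit any record; users only records they own.
        if ( user.role != "admin" && record.ownerId != user.id ) {
            return denyAccess( event );
        }

        // Hand the already-loaded record to the action so it does not reload
        // it from rc.id and accidentally bypass the check above.
        prc.record = record;
    }

    private function denyAccess( event ) {
        // Log the denial so repeated attempts are visible in monitoring.
        log.warn( "Denied record access: #event.getCurrentEvent()# id=#event.getValue( 'id', '' )#" );
        event.setHTTPHeader( statusCode = 403, statusText = "Forbidden" );
        // Run the error view in place of the requested action.
        event.overrideEvent( "main.forbidden" );
    }
}
```

Applying the same ownership rule inside the service layer as well keeps it enforced if another handler or an API endpoint later calls the same service.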