First, I would put the responsibility on checking ownership on the restaurant, not on the owner, especially since you are implementing this check in the RestaurantsController.
And, further, you seem to be over-engineering the ownership check. Really, you just need to check restaurant.owner == current_owner
.
restaurant.rb
def owned_by?(current_owner)
owner == current_owner
end
This method only needs to go in the model (as opposed to living as a single line in the controller before filter) if you think you'll be reusing it elsewhere.
Or, alternately, if your owner is going to be managing many different sorts of objects, you could leave the permissions check in the owner model and make it more flexible.
owner.rb
def manages?(object)
object.respond_to?(:owner) && object.owner == self
end
The approach you were using, with find and find_by_id is fragile and non-preferred in ActiveRecord querying. Specifically, find_by_* throws an exception when you get no result. On the other hand, using where(:id => id) would return an empty array or nil if there was no result.
Take a look at these for more insight and best practices.
http://tenmiles.com/blog/2011/07/activerecord-finders-returns-nil-or-throws-exception/
http://guides.rubyonrails.org/active_record_querying.html