hi there, i have a new object, lets call it user, user is involed in almost all other models in my db, it createds stuff, it updates stuff, it deletest stuff, it does all kind of stuff, but there is no easy why of know what a user *all* did, since the actions are scadderd all over the place, should i reverse the relation and create a N:M model in the middle?
you could, just my .02€ create a table with object, action, sometoken, send $user email with $token2, and perform some kind of handshake with the two (password salt thing) to confirm it's the user
you then never store the token you send an user, thus when the DB is *ever* stolen, they only have half of the key
maybe you can even use the devise salt/bcrypt thing and abuse it for this :)
you could just set a created_at in the action table and just crontab it every onece in a while and clear old stuff
depence on where you store your actions, and if you send the user as part of the "clickme url"