Hello,

How do I avoid that users can change the user_id in the hidden-fields
from firebug. I was surprised that I can log in with a user and create
a record on the behalf of another user by changing the user_id value
with firebug.

User model:
  has_many :arts, :dependent  => :destroy

Art model:
  belongs_to :user, :creator => true


Best regards.
Asbjørn Morell

-- 
You received this message because you are subscribed to the Google Groups "Hobo 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/hobousers?hl=en.

Reply via email to