I would guess since you're doing the form as an accessible through user, there's a bug where it's not checking permissions on an accessible item prior to save.
On Jun 22, 5:20 am, ChrisBee <[email protected]> wrote: > When is the update_permitted? method of a class being called - or not? > > I have added a detail class to User -> Bet. Each User can have > multiple bets. > > On the front page, I have added the current users list of bets as a > form. Upon displaying the page, the method Bet.update_permitted? is > being called (some bets are not editable anymore). > > Upon committing the form however, the Bet.update_permitted? method is > not called anymore. This means a user can still edit bets he is not > permitted to by modifying the html code before submitting the form. > > What am I doing wrong? The code is > here:http://github.com/ChrisBee/Bettor/blob/master/app/models/bet.rbhttp://github.com/ChrisBee/Bettor/blob/master/app/views/front/index.d... > (line 52/54, home_score and away_score) > > Any help is greatly appreciated! -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
