One other thought - going back to the original example (admin user can mass-assign fields that are normally protected), what about an extra parameter to update_attributes (and possibly create)? ie:
@model.update_attributes(params[:whatever], [:stuff_non_admins_cant_change]) So essentially a, "no, really, you can mass-assign these attributes just this once" parameter. That would still allow regular code to work correctly while permitting the context-sensitive stuff you're looking for. --Matt Jones --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
