On Jul 9, 3:18 pm, "Älphä Blüë" <[email protected]>
wrote:
> This works great for protecting my pages and allowing me to perform many
> administrative functions live on the site.  However, one potential issue
> that I see is as far as user administration.
>
> I've made it so that I can edit/update users through my administrative
> pages and protected those pages so only admins can access them.
> However, in order to set whether or not a user is an admin and be able
> to update that user, I need to have:
>
> attr_accessible :admin
>
> If I set this to attr_protected :admin
>
> .. I'm unable to access that attribute and won't be able to update my
> admins..

Not quite true. It means that you can't do
some_user.update_attributes(:admin => true).

You can however do some_user.admin = true

The attr_accessible/attr_protected mechanism is a bit of a blunt tool.
There has been some discussion about revisiting this for Rails 3.

Fred
>
> So, I'm looking for ways to call an exception but still enforce a
> protected status when users go to register and when they edit their
> profile.  Obviously I don't want them hacking into their profiles and
> giving themselves admin status.  But, at the same time, I want to be
> able to manage users through my admin pages..
>
> Any advice, suggestions would be appreciated.
>
> Thanks.
> --
> Posted via http://www.ruby-forum.com/.
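
The split described in this thread, as an added example that is not part of the original messages: a plain-Ruby stand-in (not ActiveRecord) in which mass assignment drops the protected `admin` key while an admin-only code path sets it by explicit assignment. The `User` class, `PROTECTED`, `update_profile` and `admin_update_user` are hypothetical names, and the params hashes are constructed.

```ruby
# Simplified model of the attr_protected behaviour discussed above.
# This is NOT ActiveRecord; it only mimics the filtering for illustration.
class User
  PROTECTED = [:admin].freeze # plays the role of `attr_protected :admin`

  attr_accessor :name, :email, :admin

  def initialize(attrs = {})
    @admin = false
    update_attributes(attrs)
  end

  # Mass assignment: protected keys are silently dropped, unknown keys ignored.
  def update_attributes(attrs)
    attrs.each do |key, value|
      key = key.to_sym
      next if PROTECTED.include?(key)
      next unless respond_to?("#{key}=")
      public_send("#{key}=", value)
    end
    self
  end
end

# Registration / profile path: params come straight from the form, so an
# injected "admin" field must have no effect.
def update_profile(user, params)
  user.update_attributes(params)
end

# Admin-only path: check the caller first, mass-assign the ordinary fields,
# then set the protected flag with an explicit assignment.
def admin_update_user(current_user, user, params)
  raise SecurityError, "admin required" unless current_user.admin

  user.update_attributes(params)
  flag = params.transform_keys(&:to_sym)[:admin]
  user.admin = (flag == "1" || flag == true) unless flag.nil?
  user
end
```

The point to carry over to a real controller is that the authorization check sits in front of the explicit `admin =` assignment, and the profile and registration actions never contain that assignment at all.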