Andrew France wrote: > On Jan 15, 7:15 am, Robert Walker <[email protected]> wrote: >> This was what I was referring to when mentioning not seeing the benefit. >> How is this any safer than update_attributes coupled with >> attr_accessible or attr_protected? > > The benefit for me is that I only want certain attributes to be > updated in certain controller contexts. I may have several attributes > on the user model that only the root user can update so I would set > them to protected in the model and can override it in the controller > when the user is root.
Thanks for explaining. I was trying to figure out what benefit you were gaining by this. That clears things up a bit. I haven't used it myself, but I have heard of a model level authorization framework called Lockdown. Maybe it's something you could look at to see if it servers your needs. http://github.com/stonean/lockdown -- Posted via http://www.ruby-forum.com/.
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
