Seirie wrote: > Hey guys, is there a validation that essentially acts the opposite way > of "validates_presence_of". That is, the attribute in question must be > nil, or blank, non-existent. If not, what's the best way to prevent a > user from altering a web form attempting to submit data to a field > that they should never have access to?
What you're looking for is attr_accessible and/or attr_protected: http://railsapi.com/doc/rails-v2.3.5/classes/ActiveRecord/Base.html#M000920 If you were to do that in validation it would render the attribute virtually useless. You would have to bypass validation altogether in order to set it at all. What you really want is to disallow mass assignment of the attribute. That's what the above methods do. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
