Colin Law wrote in post #972816: > I think I misunderstood what you meant, you said: >> I would add a custom param called params[:updatable] to both the create >> an update actions of the controller, and pass the values of true from >> create and false from update to the model. The model allows the field to >> be saved if true. > > I thought you meant pass :updatable from the view to the create and > update actions, but perhaps you meant just set them in the controller > action and then pass them to the model. In that case how would you > interrogate :updatable in the model, given that update_attributes will > be used to do the update? > > Colin
Yes, that is what I meant Colin. I actually encountered something similar when going over my forum software that I was working on. I needed to decide how to allow some fields to be updated, but only in specific situations. So, I created a bitfields permissions system for authorization on controller actions and within views. I have a permissions table with action types that have bits assigned. I can define permissions for all objects, including users, controllers, views, and even models. I'll give you a brief idea: https://gist.github.com/768843 But, to answer your question, I would interrogate the action with bitfield permissions. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
