I know it's a good practice setting attr_accesible for models. As an example if I have a model with admin: boolean attribute and if I don't set attr_accessible, a user can do: put /users/17?admin=1 making user 17 an admin. But if I have attr_accessible set and I want to create new users with a html form, how can I set admin true or false? I have to do an update directly in the database?
-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
