On 26 February 2011 14:31, Mauro <[email protected]> wrote: > I know it's a good practice setting attr_accesible for models. > As an example if I have a model with admin: boolean attribute and if I > don't set attr_accessible, a user can do: put /users/17?admin=1 making > user 17 an admin. > But if I have attr_accessible set and I want to create new users with > a html form, how can I set admin true or false? > I have to do an update directly in the database?
You don't need a separate operation on the db. In create or update in the controller, before you call save or update_attributes, then set the admin attribute if appropriate. Colin -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
