On 28 February 2011 04:01, Bhasker Harihara <[email protected]> wrote: > > > On Sat, Feb 26, 2011 at 10:12 PM, Colin Law <[email protected]> wrote: >> >> On 26 February 2011 14:31, Mauro <[email protected]> wrote: >> > I know it's a good practice setting attr_accesible for models. >> > As an example if I have a model with admin: boolean attribute and if I >> > don't set attr_accessible, a user can do: put /users/17?admin=1 making >> > user 17 an admin. >> > But if I have attr_accessible set and I want to create new users with >> > a html form, how can I set admin true or false? >> > I have to do an update directly in the database? >> >> You don't need a separate operation on the db. In create or update in >> the controller, before you call save or update_attributes, then set >> the admin attribute if appropriate. >> >> Colin >> > Is it good practice to do in the models or in controllers. > > If it is models then all sorts of validations go in place.
To do exactly what in the model or controller? Presumably the decision about whether a user is admin or not is made in a controller action. You can then set @user.admin = true before saving, or you could call a model method @user.set_admin(true). It is up to you which you prefer. Colin > > Regards, >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ruby on Rails: Talk" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/rubyonrails-talk?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
