I use Goldberg (http://wiki.github.com/urbanus/goldberg) to manage this situation. It's possible to restrict access to controllers/ actions by roles. So you can forbid edit/update to normal users (or on the other hand, forbid everything then allow only view for normal users).
But anyway, you are not protected against a configuration mistake or any security bug... Jej --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---