On Sat, Feb 26, 2011 at 10:12 PM, Colin Law <[email protected]> wrote:
> On 26 February 2011 14:31, Mauro <[email protected]> wrote: > > I know it's a good practice setting attr_accesible for models. > > As an example if I have a model with admin: boolean attribute and if I > > don't set attr_accessible, a user can do: put /users/17?admin=1 making > > user 17 an admin. > > But if I have attr_accessible set and I want to create new users with > > a html form, how can I set admin true or false? > > I have to do an update directly in the database? > > You don't need a separate operation on the db. In create or update in > the controller, before you call save or update_attributes, then set > the admin attribute if appropriate. > > Colin > > Is it good practice to do in the models or in controllers. If it is models then all sorts of validations go in place. Regards, > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/rubyonrails-talk?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
