On Jul 9, 3:18 pm, "Älphä Blüë" <
rails-mailing-l...@...>
wrote:
> This works great for protecting my pages and allowing me to perform many
> administrative functions live on the site. However, one potential issue
> that I see is as far as user administration.
>
> I've made it so that I can edit/update users through my administrative
> pages and protected those pages so only admins can access them.
> However, in order to set whether or not a user is an admin and be able
> to update that user, I need to have:
>
> attr_accessible :admin
>
> If I set this to attr_protected :admin
>
> .. I'm unable to access that attribute and won't be able to update my
> admins..
Not quite true. it means that you can't do some_user.update_attributes
(:admin => true).
You can however do some_user.admin = true
The attr_accessible/attr_protected mechanism is a bit of a blunt tool.
There has been some discussion about revisiting this for rails 3
Fred
>
> So, I'm looking for ways to call an exception but still enforce a
> protected status when users go to register and when they edit their
> profile. Obviously I don't want them hacking into their profiles and
> giving themselves admin status. But, at the same time, I want to be
> able to manage users through my admin pages..
>
> Any advice, suggestions would be appreciated.
>
> Thanks.
> --
> Posted viahttp://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk@...
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@...
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en-~----------~----~----~----~------~----~------~--~---
