Re: Question on attr_protected and attr_accessible

by Adam Akhtar-2

One correction and one addition:

The before filters should look like this:

before_filter :login_required, :except => [:new, :create]
before_filter :authorize, :except => [:user_edit, :update, :new, :create]

Otherwise, your new users wouldn't be able to register.

And, to protect your "new user" from being able to hack their form and
add admin=true, you change the following in the create method from:

@user = User.new(params[:user])

to:

@user = User.new(params[:user].merge({ :admin => "false" }))

--
Posted via http://www.ruby-forum.com/.
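
The following is an added example, not part of the original post: it compares the merge override suggested above with the allowlist approach (attr_accessible) named in the thread title, using a plain-Ruby stand-in for the model. DemoUser, its "credits" column and the sample form data are hypothetical, and params is modelled as a string-keyed Hash.

```ruby
# Added example: a stand-in for a Rails model, not ActiveRecord itself.
# DemoUser and its columns are hypothetical.
class DemoUser
  COLUMNS    = %w[login email admin credits].freeze
  ACCESSIBLE = %w[login email].freeze # what attr_accessible would list

  attr_reader :attributes

  # Mass assignment: copy submitted keys into the attribute hash.
  # With allowlist: true, keys outside ACCESSIBLE are dropped first.
  def initialize(params, allowlist: false)
    @attributes = { "admin" => "false", "credits" => "0" }
    params.each do |key, value|
      name = key.to_s
      next unless COLUMNS.include?(name)
      next if allowlist && !ACCESSIBLE.include?(name)
      @attributes[name] = value.to_s
    end
  end

  def admin?
    @attributes["admin"] == "true"
  end
end

# Constructed sample: a registration form with two fields added by hand.
FORGED = { "login" => "mallory", "email" => "m@example.test",
           "admin" => "true", "credits" => "9999" }.freeze

# Unprotected create: every submitted column is assigned.
def naive_create
  DemoUser.new(FORGED)
end

# The override from the post: forces admin back to "false",
# but only for the one key that was named in the merge.
def merge_create
  DemoUser.new(FORGED.merge({ "admin" => "false" }))
end

# Allowlist: anything not explicitly listed is ignored.
def allowlist_create
  DemoUser.new(FORGED, allowlist: true)
end
```

The merge version resets admin but still accepts the forged "credits" value, while the allowlist version ignores both extra fields.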
