small medium large xlarge

29 Aug 2008, 14:20
Daniel (2 posts)

For example, given a User model with a :role attribute, such that the default value for that attribute is defined in the database, the application needs to ensure that the user creation form is not spoofed and a :role provided. Otherwise, @user =[:user]) would enable new users to be created with arbitrary roles.

I know that I could create my own validate function, but it seems like validates_absence_of functionality is as foundational as validates_presence_of, so I’m wondering if I am misunderstanding something.

Thank You,


19 Sep 2008, 13:51
Daniel (2 posts)

attr_protected does this

Also see attr_accessible

You must be logged in to comment