small medium large xlarge

Generic-user-small
29 Aug 2008, 14:20
Daniel (3 posts)

For example, given a User model with a :role attribute, such that the default value for that attribute is defined in the database, the application needs to ensure that the user creation form is not spoofed and a :role provided. Otherwise, @user = User.new(params[:user]) would enable new users to be created with arbitrary roles.

I know that I could create my own validate function, but it seems like validates_absence_of functionality is as foundational as validates_presence_of, so I’m wondering if I am misunderstanding something.

Thank You,

Daniel

Generic-user-small
19 Sep 2008, 13:51
Daniel (3 posts)

attr_protected does this

Also see attr_accessible

You must be logged in to comment