I''m working on an app which has a :featured_at in Users and Groups
tables. The attribute enables a site admin to set records to a
:featured_at datetime. There''s named spaced admin controllers for the
Users and Groups. The problem is, to set the :featured_at in the admin
controllers for users and groups, the attribute had to be exposed under
attr_accessible in User.rb and Group.rb. This means we''re open to mass
assignment hacks on this attribute. Is there a more elegant route to
avoiding hacks than setting the params[:user][:featured_at] = nil (same
for groups) in the public facing controllers for :create and :update
actions?
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
