I''m working on an app which has a :featured_at in Users and Groups tables. The attribute enables a site admin to set records to a :featured_at datetime. There''s named spaced admin controllers for the Users and Groups. The problem is, to set the :featured_at in the admin controllers for users and groups, the attribute had to be exposed under attr_accessible in User.rb and Group.rb. This means we''re open to mass assignment hacks on this attribute. Is there a more elegant route to avoiding hacks than setting the params[:user][:featured_at] = nil (same for groups) in the public facing controllers for :create and :update actions? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---