On Monday, May 29, 2006, at 9:14 PM, Nicholas Evans wrote:
>Howdy,
>
>I'm writing an 'edit profile' screen. I was writing some tests first
>(yay!), and I realized that, if you were smart, you could use the edit
>form to change your username.
>
>I know I could use attr_protected on username, but that would still
>allow for usernames to be changed (albeit not through the form). How can
>I make the username read only AFTER the object has been created?
>
>Is attr_reader what I need?
>
>I thought about doing it with before_validation_on_update, but I'm not
>sure as to what the best method of determining what the 'true' username
>is to compare it to the one that the model has now. Would username
>User.find_by_id(id).username be The Right Way to do this in the callback?
>
>Thanks!
>
>- Nick Evans
Do you really need to prevent this? If you have all your internal
references to the user.id number, then there is no real need for the
username to be the same. If you enforce a unique name (with
'validates_uniqueness_of'), then it probably doesn't matter much.
If you really need it, you might want to check out the model_security plugin.
_Kevin
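
An added example, not part of the thread and not either poster's code: a plain-Ruby stand-in for a model (not ActiveRecord; the `Profile` class, its constants and its methods are all hypothetical) showing the two controls the question separates, an allow-list on form-driven mass assignment and a write-once check that also rejects direct assignment to `username` after the first save.

```ruby
# Plain-Ruby stand-in for a model; NOT ActiveRecord. All names are hypothetical.
class ReadOnlyAttributeError < StandardError; end

class Profile
  # Attributes an edit form is allowed to mass-assign (allow-list).
  ACCESSIBLE = %w[email display_name].freeze
  # Attributes that may be set at creation but never changed afterwards.
  WRITE_ONCE = %w[username].freeze

  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = {}
    @persisted = false
    attrs.each { |name, value| write(name.to_s, value) }
  end

  # Marks the record as created; from here on WRITE_ONCE attributes are frozen.
  def save
    @persisted = true
    self
  end

  # Direct assignment path (what non-form code would call).
  # Re-assigning the same value is a no-op; a different value raises.
  def write(name, value)
    if @persisted && WRITE_ONCE.include?(name) && @attributes[name] != value
      raise ReadOnlyAttributeError, "#{name} cannot be changed after creation"
    end
    @attributes[name] = value
  end

  # Mass-assignment path (what the edit-profile action would call with the
  # submitted parameters). Keys outside the allow-list are skipped and
  # returned so the caller can log the attempt.
  def update_from_params(params)
    rejected = []
    params.each do |key, value|
      key = key.to_s
      ACCESSIBLE.include?(key) ? write(key, value) : rejected << key
    end
    rejected
  end
end
```
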