Hello, I''m facing a small issue here with protected columns from being updated. (email, username) So I thought attr_protected is the solution, but this destroy my creation of user? I cannot assign email when creating new user? How do I solve this small issue? -- Posted via http://www.ruby-forum.com/.
On Aug 12, 9:47 am, Jamal Soueidan <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Hello, > > I''m facing a small issue here with protected columns from being updated. > (email, username) > > So I thought attr_protected is the solution, but this destroy my > creation of user?attr_protected means you cannot assign the attribute using create (or update_attributes etc...) It does not mean that you can''t do user.email = ''...'' Fred> > I cannot assign email when creating new user? > > How do I solve this small issue? > -- > Posted viahttp://www.ruby-forum.com/.
Frederick Cheung wrote:> On Aug 12, 9:47�am, Jamal Soueidan <rails-mailing-l...@andreas-s.net> > wrote: >> Hello, >> >> I''m facing a small issue here with protected columns from being updated. >> (email, username) >> >> So I thought attr_protected is the solution, but this destroy my >> creation of user? > > attr_protected means you cannot assign the attribute using create (or > update_attributes etc...) > > It does not mean that you can''t do user.email = ''...'' > > FredThanks for fast answer. well, that''s a problem then because I need to assign everything myself? In my controller I did this normally. For new user @user = User.new(params[:user]) @user.save When updating @user = session[:user] // when logged in @user.update_attributes(params[:user]) Is this wrong? When can I use before_update and before_create to handle these cases? I also think update_attributes goes through all the columns before updating to check if any variable has changed :S -- Posted via http://www.ruby-forum.com/.
So I must do something like this then for now... @user = session[:user] @user.postal = params[:user][:postal] @user.birthday = params[:user][:birthday] @user.save Just to be 100% sure that no one can update anything else :) -- Posted via http://www.ruby-forum.com/.
On Aug 12, 10:02 am, Jamal Soueidan <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Thanks for fast answer. > > well, that''s a problem then because I need to assign everything myself?only for those attributes marked as protected. Fred> > In my controller I did this normally. > > For new user > > @user = User.new(params[:user]) > @user.save > > When updating > > @user = session[:user] // when logged in > @user.update_attributes(params[:user]) > > Is this wrong? > > When can I use before_update and before_create to handle these cases? > > I also think update_attributes goes through all the columns before > updating to check if any variable has changed :S > -- > Posted viahttp://www.ruby-forum.com/.
Or you could use attr_readonly method (http://api.rubyonrails.org/ classes/ActiveRecord/Base.html#M002282). On 12 août, 05:07, Jamal Soueidan <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> So I must do something like this then for now... > > @user = session[:user] > @user.postal = params[:user][:postal] > @user.birthday = params[:user][:birthday] > @user.save > > Just to be 100% sure that no one can update anything else :) > -- > Posted viahttp://www.ruby-forum.com/.