Displaying 3 results from an estimated 3 matches for "user_is_admin".

2006 Jul 27
1
response from ajax request
...the plain html elements from the partial template have been stripped, leaving only the elements inserted via the <%= statements. I would appreciate any hints. Best, Eric here is the controller action that responds to the ajax request: =============================== def find_users @user_is_admin = is_admin @user_pages, @users = paginate :users, :order_by => 'login', :per_page => 10, :conditions => "name like '%kyle%' or children like '%kyle%'" # add error checking later render :partial => &q...
2006 Mar 16
6
Sessions or lookups?
My application needs to know if a user is an administrator, for security and aesthetic reasons. At the moment, I store true/false in the session by doing the following at login: session[:user_is_admin] = authenticated_user.is_admin? Is this OK to do? Or should I really be doing the following every time: User.find(session[:user_id]).is_admin? (user_id is always in the session too) Is there a nicer way to do this, or should I be using one of the above? Cheers. -- Posted via http://www.ruby...
2009 Jun 09
3
protect_from_forgery doesn't protect from forgery
...can only edit his password. I don't want him editing his own login or of course is_admin status for obvious reasons. Now when I use Firebug and inspect the page, I see a neat little field containing the authenticity_token. But here it comes: when I edit the page in Firebug, and add a field called user_is_admin and set its value to 1, and then submit, the changes actually go through!! I have now made myself an admin. Isn't protect_from_forgery supposed to protect from this? Obviously in the controller I have kept it simple and did a @user.update_attributes(params[:user]), expecting that the authenticity_...