Home/ Questions/Q 741015
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T08:35:01+00:00

I have implemented Authlogic. I believe that this isn’t an authlogic specific quesetion. Assume

  • 0

I have implemented Authlogic. I believe that this isn’t an authlogic specific quesetion. Assume that I have a User model and each User has a column in the database called “login”.

Upon creating a user, the login column is populated. However, I don’t want the user to be able to change their login once they set it.

Currently, I have removed the text field in the _form.html.erb file in my views for users. However, it can probably still be accessed through the url right?

How can I make it so that once a login is set, it can not be changed at all?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As far as I know, Authlogic handles this case for you so you don’t have to worry about someone overwriting their username. To handle that type of case in general, you can set the username as a protected attribute by excluding it from the attr_accessible attributes in the model, and assigning it directly in the UserController’s create action, which gets around the mass assignment protection in the single case where you do want to set it. For example:

    class User < ActiveRecord::Base
  attr_accessible :email, :password, :other_field1, :other_field2 # note username is not listed
end

class UserController < AppController
  def create
    @user = User.new(params[:user])
    @user.username = params[:user][:username]
    @user.save
    # ...
  end
end
    • 0