Home/ Questions/Q 8221727
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T14:01:54+00:00

I’m fairly new to rails, and I’m developing a small application that involves user

  • 0

I’m fairly new to rails, and I’m developing a small application that involves user accounts. Currently, the user is able to change/update their Name, Email, and Password. The user also has a unique Username, but I would like to prevent the user from changing it. How would I go about preventing this?

I’ve included the username in attr_accessible to allow for its creation when signing up, but I’d like to somehow remove this once the username is present. The only restriction I have so far is the lack of a username edit form, but I know this won’t stop a creative user from issuing a PUT request to change it.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The easiest way to do this would be to remove the parameter in the update action of the controller before they are passed into the update_attributes function, like below:

    #UsersController
def update
  params[:user].delete(:username)
  @user = user.find(params[:id])
  if @user.update_attributes(params[:user])
    flash[:notice] = "Successfully updated user."
    redirect_to @user
  else
    render :action => 'edit'
  end
end

    Alternatively, you could use dynamic mass-assignment security as show in this RailsCast, this gist being that you override the mass_assignment_authorizer function in the model to add any extra attributes that you want to be accessable to mass assignment. Using that idea, you could do something like:

    class User < ActiveRecord::Base
  attr_accessible #what ever other stuff you wan't to accessable

  private
  def mass_assignment_authorizer
    new_record? ? super + [:username] : super
  end
end
    • 0