Let’s assume a simple and common scenario.
I have a User model with an admin field. Users cannot edit their admin field, but admins can edit anyone’s admin field.
So, I need to give both types of users appropriate access.
If I were to present this in a RESTful way, I’d have two resources, say
resource :user
namespace :admin do
resources :users
end
…And here comes the dilemma – how do I control where the admin field can be changed and where not?
- I can set attr_protected :admin to prevent users from changing their admin status. But then I’d have to make a special case out of it in Admin::UsersController, like @user.admin = params[:user][:admin]
- I can scrub the parameter in the UsersController, which is even worse: params[:user].delete(:admin)
Both of these solutions look messy to me. What’s the correct way of dealing with such situations?
What if there’s more than 2 access levels?
Looks like Rails 3.1 will have exactly what I wanted.
http://ablogaboutcode.com/2011/05/12/activerecord-3-1-mass-assignment-roles/
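The role-scoped whitelist the linked post describes (Rails 3.1's attr_accessible ... :as => role, consumed by update_attributes(params, :as => role)) can be sketched without ActiveRecord. The block below is an added example, not code from the question or from Rails itself: a minimal MassAssignable mixin with a per-role whitelist, a UserRecord class with three roles (:default, :admin and an assumed third :owner level to cover the "more than 2 access levels" case), and an update_as helper standing in for the two controllers. The module, class and role names are assumptions for illustration; the real Rails implementation differs in detail but has the same shape.

```ruby
# Added example: role-scoped mass-assignment whitelisting in plain Ruby.
# Names (MassAssignable, UserRecord, :default/:admin/:owner) are assumed; this
# is not ActiveRecord's code, only the idea behind attr_accessible(..., :as => role).
module MassAssignable
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # attr_accessible :name, :email              -> whitelist for the :default role
    # attr_accessible :name, :admin, :as => :admin -> whitelist for the :admin role
    def attr_accessible(*attrs)
      opts = attrs.last.is_a?(Hash) ? attrs.pop : {}
      role = opts.fetch(:as, :default)
      accessible_attributes[role] ||= []
      accessible_attributes[role].concat(attrs.map(&:to_s))
    end

    def accessible_attributes
      @accessible_attributes ||= {}
    end

    # A role nobody declared gets an empty whitelist: fail closed, not open.
    def allowed_for(role)
      accessible_attributes.fetch(role, [])
    end
  end

  # Split incoming params into the keys the role may set and the keys it may not.
  # Returning the dropped keys lets a controller log the attempt instead of
  # silently discarding it, which is what you want for an :admin probe.
  def sanitize_for_mass_assignment(attrs, role)
    allowed = self.class.allowed_for(role)
    kept, dropped = attrs.partition { |k, _| allowed.include?(k.to_s) }
    [Hash[kept], dropped.map { |k, _| k.to_s }]
  end

  # Mirrors update_attributes(params, :as => role); returns the dropped keys.
  def assign_attributes(attrs, options = {})
    role = options.fetch(:as, :default)
    clean, dropped = sanitize_for_mass_assignment(attrs, role)
    clean.each { |k, v| public_send("#{k}=", v) }
    dropped
  end
end

class UserRecord
  include MassAssignable
  attr_accessor :name, :email, :admin, :banned

  attr_accessible :name, :email                                  # ordinary user
  attr_accessible :name, :email, :admin, :as => :admin           # Admin::UsersController
  attr_accessible :name, :email, :admin, :banned, :as => :owner  # assumed third level

  def initialize
    @admin = false
    @banned = false
  end
end

# Stand-in for the controller action: the only difference between UsersController
# and Admin::UsersController is the role passed in, so no special-casing of :admin.
def update_as(role, params)
  user = UserRecord.new
  dropped = user.assign_attributes(params, :as => role)
  [user, dropped]
end

if __FILE__ == $0
  user, dropped = update_as(:default, { :name => "mallory", :admin => true })
  puts "default role: admin=#{user.admin.inspect}, dropped=#{dropped.inspect}"
  user, dropped = update_as(:admin, { :name => "alice", :admin => true })
  puts "admin role:   admin=#{user.admin.inspect}, dropped=#{dropped.inspect}"
end
```

In real Rails 3.1 the equivalent is attr_accessible :name, :email and attr_accessible :name, :email, :admin, :as => :admin on the model, with UsersController calling @user.update_attributes(params[:user]) and Admin::UsersController calling @user.update_attributes(params[:user], :as => :admin). The role has to come from the authenticated session, never from the request parameters, or the whitelist protects nothing.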