Hey guys, is there a validation that essentially acts the opposite way of "validates_presence_of". That is, the attribute in question must be nil, or blank, non-existent. If not, what's the best way to prevent a user from altering a web form attempting to submit data to a field that they should never have access to? Thanks!
on 2010-03-10 04:35
on 2010-03-10 05:21
Seirie wrote: > Hey guys, is there a validation that essentially acts the opposite way > of "validates_presence_of". That is, the attribute in question must be > nil, or blank, non-existent. If not, what's the best way to prevent a > user from altering a web form attempting to submit data to a field > that they should never have access to? What you're looking for is attr_accessible and/or attr_protected: http://railsapi.com/doc/rails-v2.3.5/classes/ActiveRecord/Base.html#M000920 If you were to do that in validation it would render the attribute virtually useless. You would have to bypass validation altogether in order to set it at all. What you really want is to disallow mass assignment of the attribute. That's what the above methods do.
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.