Read-Only Model Attributes AFTER creation?


#1

Howdy,

I’m writing an ‘edit profile’ screen. I was writing some tests first
(yay!), and I realized that, if you were smart, you could use the edit
form to change your username.

I know I could use attr_protected on username, but that would still
allow for usernames to be changed (abeit not through the form). How can
I make the username read only AFTER the object has been created?

Is attr_reader what I need?

I thought about doing it with before_validation_on_update, but I’m not
sure as to what the best method of determining what the ‘true’ username
is to compare it to the one that the model has now. Would username =
User.find_by_id(id).username be The Right Way to do this in the
callback?

Thanks!

  • Nick Evans

#2

On Monday, May 29, 2006, at 9:14 PM, Nicholas E. wrote:

Is attr_reader what I need?
Rails mailing list
removed_email_address@domain.invalid
http://lists.rubyonrails.org/mailman/listinfo/rails

Do you really need to prevent this? If you have all your internal
references to the user.id number, then there is no real need for the
username to be the same. If you enforce a unique name (with
‘validates_uniqueness_of’), then it probably doesn’t matter much.

If you really need it, you might want to check out the model_security
plugin.

_Kevin