Read-Only Model Attributes AFTER creation?

Nicholas_E · May 30, 2006, 3:16am

Howdy,

I’m writing an ‘edit profile’ screen. I was writing some tests first
(yay!), and I realized that, if you were smart, you could use the edit
form to change your username.

I know I could use attr_protected on username, but that would still
allow for usernames to be changed (abeit not through the form). How can
I make the username read only AFTER the object has been created?

Is attr_reader what I need?

I thought about doing it with before_validation_on_update, but I’m not
sure as to what the best method of determining what the ‘true’ username
is to compare it to the one that the model has now. Would username =
User.find_by_id(id).username be The Right Way to do this in the
callback?

Thanks!

Nick Evans

Nicholas_E · May 30, 2006, 3:56am

On Monday, May 29, 2006, at 9:14 PM, Nicholas E. wrote:

Is attr_reader what I need?
Rails mailing list
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails

Do you really need to prevent this? If you have all your internal
references to the user.id number, then there is no real need for the
username to be the same. If you enforce a unique name (with
‘validates_uniqueness_of’), then it probably doesn’t matter much.

If you really need it, you might want to check out the model_security
plugin.

_Kevin