Forum: Ruby on Rails Read-Only Model Attributes AFTER creation?

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
38c94343d160b921ee22e9f0fb4c18b4?d=identicon&s=25 Nicholas Evans (Guest)
on 2006-05-30 03:16
(Received via mailing list)
Howdy,

I'm writing an 'edit profile' screen. I was writing some tests first
(yay!), and I realized that, if you were smart, you could use the edit
form to change your username.

I know I could use attr_protected on username, but that would still
allow for usernames to be changed (abeit not through the form). How can
I make the username read only AFTER the object has been created?

Is attr_reader what I need?

I thought about doing it with before_validation_on_update, but I'm not
sure as to what the best method of determining what the 'true' username
is to compare it to the one that the model has now. Would username =
User.find_by_id(id).username be The Right Way to do this in the
callback?

Thanks!

- Nick Evans
5d15c6821f3c3054c04b85471824ba7c?d=identicon&s=25 Kevin Olbrich (Guest)
on 2006-05-30 03:56
(Received via mailing list)
On Monday, May 29, 2006, at 9:14 PM, Nicholas Evans wrote:
>Is attr_reader what I need?
>Rails mailing list
>Rails@lists.rubyonrails.org
>http://lists.rubyonrails.org/mailman/listinfo/rails

Do you really need to prevent this?  If you have all your internal
references to the user.id number, then there is no real need for the
username to be the same.  If you enforce a unique name (with
'validates_uniqueness_of'), then it probably doesn't matter much.

If you really need it, you might want to check out the model_security
plugin.

_Kevin
This topic is locked and can not be replied to.