There are other ways to verify this, but I use the acts_as_modified plugin for similar things and it's really handy.
https://rubyforge.org/projects/actsasmodified
With this you can do this in validate:
def validate
  errors.add(:password, "You can not change a users password") if self.modified? && self.password_modified?
end
Mouhannad Oweism wrote:
After reading your post again, you may need to add another condition to
the if statement to only disallow admins, like this:
def validate
  errors.add(:password, "You can not change a users password") if current_user.admin && self.modified? && self.password_modified?
end
This assumes you have a current_user function to get at the current
user and that admin is a method that returns a boolean.
William Pratt wrote:
Ok, maybe I misunderstood you. Are you saying that when he edits the user, and leaves the password fields blank, you don't want the password in the database to get wiped out? If that's the case, delete it from the params hash before calling update_attributes if it's empty:
params[:user].delete(:password) if params[:user][:password].empty?
@user = User.update(params[:id], params[:user])
That will not update the password field if that is what you are looking to do.
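An added example, not part of the original posts: the same "drop the blank password before updating" step as a plain-Ruby helper that also covers a missing or whitespace-only password, string keys, and a password_confirmation field. The helper name strip_blank_password and the sample hashes are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Rails required. `strip_blank_password` is a
# hypothetical helper name; the hashes below are constructed sample input.

PASSWORD_KEYS = %w[password password_confirmation].freeze

# Returns a copy of the submitted user attributes with the password fields
# removed when the password was left blank, so a later update cannot
# overwrite the stored password with an empty value.
# Handles symbol or string keys and a missing (nil) or whitespace-only value.
def strip_blank_password(user_params)
  cleaned = user_params.dup # shallow copy: the caller's hash is left untouched
  password = cleaned[:password] || cleaned["password"]
  return cleaned unless password.nil? || password.to_s.strip.empty?

  # Blank password: drop it together with its confirmation field.
  cleaned.delete_if { |key, _value| PASSWORD_KEYS.include?(key.to_s) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed form submissions.
  blank_edit  = { "login" => "bob", "password" => "", "password_confirmation" => "" }
  real_change = { login: "bob", password: "s3cret", password_confirmation: "s3cret" }

  p strip_blank_password(blank_edit)  # password fields removed
  p strip_blank_password(real_change) # passed through unchanged
end
```

In a controller the cleaned hash would be what gets passed to the update call in place of params[:user].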
Mouhannad Oweism wrote: