Suppose I have a model (userprofile) which may be altered by users and
admins; only 1 field (roll) may only be altered by admins.
Of course I can exclude that field from the view if the user is not an
admin, but I suspect this is not very safe because one could fake this
so the only thing I can think of is taking measures in the controller as
well, which is not too handy because it is a long form and I use the
What I did is to not include this field in params[:userprofile][:roll]
but in params[:roll] by using text_field_tag instead of text_field.
Now I can update all my fields with
and update the roll field by @userprofile.roll=params[:roll] if
What I dislike is that I have to take measures at two places (view and
controller), which is not very DRY. Are there better ways? Perhaps in the
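
Added example, not part of the original post: one way to keep the admin-only rule in a single place is to filter the submitted attributes by role before the mass update, so hiding the field in the view is only cosmetic. It is plain Ruby without Rails; `ADMIN_ONLY`, `EDITABLE`, `permitted_profile_params`, `rejected_fields`, the `name`/`email` fields and the stand-in `UserProfile` class are assumptions made for illustration.

```ruby
# Added example, not from the original post. Plain Ruby, no Rails required.
# All names below are hypothetical; only the "roll" field comes from the post.

ADMIN_ONLY = %w[roll].freeze            # fields only an admin may change
EDITABLE   = %w[name email roll].freeze # every field the form may submit (constructed)

# Return only the submitted attributes the current user may write.
# Unknown keys are dropped too, so a forged field never reaches the model.
def permitted_profile_params(submitted, admin:)
  allowed = admin ? EDITABLE : EDITABLE - ADMIN_ONLY
  submitted.select { |key, _| allowed.include?(key.to_s) }
end

# Fields that were submitted but refused, useful for logging tampering attempts.
def rejected_fields(submitted, admin:)
  kept = permitted_profile_params(submitted, admin: admin).keys.map(&:to_s)
  submitted.keys.map(&:to_s) - kept
end

# Minimal stand-in for the model's mass assignment.
class UserProfile
  attr_accessor :name, :email, :roll

  def initialize(name:, email:, roll:)
    @name, @email, @roll = name, email, roll
  end

  def update_attributes(attrs)
    attrs.each { |key, value| public_send("#{key}=", value) }
    self
  end
end

# Constructed request: a normal user adds a forged "roll" field to the form post.
forged = { "name" => "Alice B.", "email" => "alice@example.com", "roll" => "admin" }

profile = UserProfile.new(name: "Alice", email: "alice@example.com", roll: "user")
profile.update_attributes(permitted_profile_params(forged, admin: false))
puts "as user:  roll=#{profile.roll} rejected=#{rejected_fields(forged, admin: false).inspect}"

profile.update_attributes(permitted_profile_params(forged, admin: true))
puts "as admin: roll=#{profile.roll}"
```

With the filter in one function, the controller needs a single call regardless of how long the form is, and the view can show or hide the field without affecting what is writable.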