How to exclude the password from being updated in rails3

0
votes

How can I exclude the password from being updated. Here is my update controller for user.

  def update
   @user = User.find(params[:id])
    if @user.update_attributes(params[:user])
      flash[:success] = "Profile updated."
      redirect_to @user
    else
      @title = "Edit user"
      render 'edit'
    end
  end

my edit page contains the first name without password but the password is still getting stored with null value. I tried to use :on => create but that doesn't help.

1
ruby-on-railsruby-on-rails-3ruby-on-rails-3.1

1 Answers

0
votes

You can protect attributes getting mass assigned in a whitelist approach with attr_accessible or in a blacklist approach with attr_protected in the model:

attr_protected :password