Rails update_attributes using has_secure_password

Question

I am working in a project where users can either have admin: true / false. The application will only let admin users login in to the system, the other users are

Answer 1

It looks like you want to validate the presence of password on create only (also notice more concise way to validate password confirmation):

validates :password, length:{minimum:6}, confirmation: true, on: :create

You can then use update_attributes

You may want to restrict what params can be submitted by using strong params:

• Gem: https://github.com/rails/strong_parameters
• also included in Rails 4 http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html