something changed in this matter since 2009? http://stackoverflow.com/questions/1983106/hacking-attr-accessible-to-support-a-different-set-of-accessible-attributes-for
so how would you limit which attributes may be assigned in update, and which cannot? By removing keys from hash (eg. params[:user])?
dhoelzer: I had a question up there, which is "best practice" for attributes, which should be attr_accessible on create action, but not on update? Removing keys from params[:model] ?
hi, is it possible and fine to set other validation context than :create or :update? I would like to have another validation context for updating by user with admin privileges : )