> If you wanted it to just be a constant value that you set, why not set > it after form submission in a before_save callback or something? After > all, a malicious client can still submit a value for that property.
Well - the permission system should catch changes you don't want. I've never actually used that feature in the way you've described. It's more like - some aspect of your business logic is setting up a record in a certain way, and you want to throw a form on it. It basically gives you a way to round trip an object in memory to a form, and then back to an update action, and it Just Works (tm). > What if you just want to set the field to a certain default value but > then want to give the user the option to change it? Let's say you were > suggesting a value. Then the hidden field will not be rendered. Although you've said that's not working for you? Having said all that, I'm still wondering if this feature should be off by default, but easy to switch on. In your case, why were you setting an attribute for rendering the "new" form? Tom --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/hobousers?hl=en -~----------~----~----~----~------~----~------~--~---
