On Jan 7, 2010, at 5:02 PM, blueHandTalking wrote:
In my project model I have: belongs_to :user, :creator => true def update_permitted? acting_user.administrator? || (acting_user == user && !user_changed?) end Was thinking this was correct setting of permissions so that the following form would only appear if a user owned the project and was logged in: <div id="editproject" param="editproject"> <form with="&@project" action="/projects/edit/#[email protected]}"> <input type="hidden" id="project_id" name="project[id]" value="# {[email protected]}" /> <input class="edit" type="submit" value="EDIT CURRENT" /> </form> </div> ...but alas, the form does appear all the time.
Passing the action attribute to a form renders it "dumb", so it doesn't check permissions or do anything else. I'm also not sure what you're aiming for with the project_id hidden field...
--Matt Jones
-- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
