I am using the project_id field to differentiate between when I am creating a new project, and then redirecting to edit
(which is only way I could get this interesting form AJAX form to work with Paperclip) versus when I just want to edit the current page, which I am attempting to do with the form below. So I tried eliminating the "action" part, and that fixed the visibility of the form, only available to the owner. However, the automatic action the form generates is an update (get), which is not what I want. I want the edit action in projects controller to be called. Any ideas? On Jan 7, 2:14 pm, Matt Jones <[email protected]> wrote: > On Jan 7, 2010, at 5:02 PM, blueHandTalking wrote: > > > > > In my project model I have: > > > belongs_to :user, :creator => true > > > def update_permitted? > > acting_user.administrator? || > > (acting_user == user && !user_changed?) > > end > > > Was thinking this was correct setting of permissions so that > > the following form would only appear if a user owned the project and > > was logged in: > > > <div id="editproject" param="editproject"> > > <form with="&@project" action="/projects/[email protected]}"> > > <input type="hidden" id="project_id" name="project[id]" value="# > > {[email protected]}" /> > > <input class="edit" type="submit" value="EDIT CURRENT" /> > > </form> > > </div> > > > ...but alas, the form does appear all the time. > > Passing the action attribute to a form renders it "dumb", so it > doesn't check permissions or do anything else. I'm also not sure what > you're aiming for with the project_id hidden field... > > --Matt Jones
-- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
