On Jan 5, 2011, at 5:21 PM, Colin Law wrote:
On 5 January 2011 21:45, Brian Ablaza <[email protected]> wrote:
I have an app that manages tapes. Each tape has a number (separate
from
the record ID in MySQL).
When a tape is added, the number field can be filled in. But when the
record is subsequently edited, the number should not be editable.
Both the "new" and "edit" views include (render) the same form
partial.
What would be considered best practice here?
1. Logic in the partial that checks to see if the action is "new" or
"edit", and changes the form appropriately
2. Two different partials.
3. Remove the partial rendering and just have the "new" and "edit"
views
be complete forms
Also don't forget that just making the field read only in the form
will not prevent someone with malicious intent constructing a POST
with a value for that attribute. Therefore, if that is a worry for
you, make sure you prevent that field from being updated in the update
action.
Colin
Rather than check the action, I'd suggest checking whether the object
was new.
<% if f.object.new_record? %>
<%= f.text_field :number %>
<% else %>
<%= f.object.number %>
<% end %>
But still protect the number attribute from mass-assignment and handle
the field in the create action.
-Rob
Rob Biedenharn
[email protected] http://AgileConsultingLLC.com/
[email protected] http://GaslightSoftware.com/
--
You received this message because you are subscribed to the Google Groups "Ruby on
Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
