Wednesday, January 5, 2011

Re: [Rails] Best Practice

On Jan 5, 2011, at 5:21 PM, Colin Law wrote:

> On 5 January 2011 21:45, Brian Ablaza <lists@ruby-forum.com> wrote:
>> I have an app that manages tapes. Each tape has a number (separate from
>> the record ID in MySQL).
>>
>> When a tape is added, the number field can be filled in. But when the
>> record is subsequently edited, the number should not be editable.
>>
>> Both the "new" and "edit" views include (render) the same form partial.
>> What would be considered best practice here?
>>
>> 1. Logic in the partial that checks to see if the action is "new" or
>> "edit", and changes the form appropriately
>>
>> 2. Two different partials.
>>
>> 3. Remove the partial rendering and just have the "new" and "edit" views
>> be complete forms
>
> Also don't forget that just making the field read only in the form
> will not prevent someone with malicious intent constructing a POST
> with a value for that attribute. Therefore, if that is a worry for
> you, make sure you prevent that field from being updated in the update
> action.
>
> Colin

Rather than check the action, I'd suggest checking whether the object
was new.

<% if f.object.new_record? %>
<%= f.text_field :number %>
<% else %>
<%= f.object.number %>
<% end %>

But still protect the number attribute from mass-assignment and handle
the field in the create action.

-Rob

Rob Biedenharn
Rob@AgileConsultingLLC.com http://AgileConsultingLLC.com/
rab@GaslightSoftware.com http://GaslightSoftware.com/
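
The server-side rule from both replies, as an added example that is not part of the original thread: the number is kept out of mass assignment, set explicitly on create, and dropped if it shows up in an update. It is a plain-Ruby stand-in for a Rails model and controller actions; Tape, create_tape, update_tape and the sample parameters are hypothetical.

```ruby
# Added example: plain-Ruby stand-in for a model and its create/update actions (hypothetical names).
class Tape
  ASSIGNABLE = %w[title location].freeze   # number is deliberately absent
  attr_reader :number, :title, :location
  def initialize
    @new_record = true
  end
  def new_record?
    @new_record
  end

  # Mass assignment: copy only allow-listed keys, return the keys dropped.
  def assign(params)
    allowed, rejected = params.partition { |k, _| ASSIGNABLE.include?(k.to_s) }
    allowed.each { |k, v| instance_variable_set("@#{k}", v) }
    rejected.map { |k, _| k.to_s }
  end

  # Explicit assignment, permitted only before the first save.
  def assign_number(value)
    raise ArgumentError, "number is fixed after create" unless new_record?
    @number = value
  end

  def save
    @new_record = false
    self
  end
end

# "create": number is read from the params on purpose, once.
def create_tape(params)
  tape = Tape.new
  tape.assign_number(params["number"])
  tape.assign(params)
  tape.save
end

# "update": only mass assignment runs, so a submitted number is dropped.
def update_tape(tape, params)
  dropped = tape.assign(params)
  tape.save
  dropped
end

# Constructed request parameters: the update carries a number the form never offered.
tape = create_tape("number" => "T-0042", "title" => "Backup A")
dropped = update_tape(tape, "number" => "T-9999", "title" => "Backup B")
puts "number=#{tape.number} title=#{tape.title} dropped=#{dropped.inspect}"
```

Returning the dropped keys from the update path gives the application something to log when a request carries a field the edit form does not render.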
