On 5 January 2011 21:45, Brian Ablaza <lists@ruby-forum.com> wrote:
> I have an app that manages tapes. Each tape has a number (separate from
> the record ID in MySQL).
>
> When a tape is added, the number field can be filled in. But when the
> record is subsequently edited, the number should not be editable.
>
> Both the "new" and "edit" views include (render) the same form partial.
> What would be considered best practice here?
>
> 1. Logic in the partial that checks to see if the action is "new" or
> "edit", and changes the form appropriately
>
> 2. Two different partials.
>
> 3. Remove the partial rendering and just have the "new" and "edit" views
> be complete forms
Also don't forget that just making the field read only in the form
will not prevent someone with malicious intent constructing a POST
with a value for that attribute. Therefore, if that is a worry for
you, make sure you prevent that field from being updated in the update
action.
Colin
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
No comments:
Post a Comment