Ruby on Rails
Sunday, August 2, 2015
If the logic to create your object is more complex than a few lines of code, you could extract it to a separate class. I used to create adapter classes which build model objects from the request parameters. That worked well for me.
On Sat, Aug 1, 2015 at 1:02 PM, Scott Goci <scottjg@gmail.com> wrote:
That definitely makes more sense in my mind fernando, but if its a deeply nested object, can you do that? As the params would probably look something like:--params.require(:survey).permit(:question_attributes => [:response_attributes => [:response_text].merge(user_id: current_user.id)])
On Friday, July 31, 2015 at 9:27:12 AM UTC-4, Fernando Kakimoto wrote:Does it make sense to not have this hidden_field in the form but instead add this info inside the controller while saving the object? For instance:Response.new(response_params)def response_paramsparams.require(:response).permit(:response_text).merge(user_id: current_user.id)endOn Fri, Jul 31, 2015 at 4:37 AM, Colin Law <cla...@gmail.com> wrote:On 30 July 2015 at 23:06, Scott Goci <sco...@gmail.com> wrote:
> At the end of my email, I do just that -- you notice that in the params I
> suggest, there is no user_id present, and instead I break apart the params
> and inject the user_id more manually, but breaking out the params seems
> messy to validate against, so I'm wondering if there is a more "cleaner"
> method of doing it.
That is not quite what I was suggesting, your question indicated you
were happy with the hidden field concept, apart from the fact that
someone might inject a false id. My suggestion was to use the hidden
field but then to verify it against current_user in the controller.
So just one test to insert in the controller.
Colin
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CAL%3D0gLumg6ZRnRutgEa-f6KFbT3oZ4B%3Da9fLkgZEsp_x8EuotQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--Fernando Kakimoto
http://www.twitter.com/nandokakimoto
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/f0f8f28d-dd95-4d14-9090-68ba3fd14423%40googlegroups.com.
Fernando Kakimoto
http://www.twitter.com/nandokakimoto
http://www.twitter.com/nandokakimoto
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CALKwU8WCNQyQvvwMNDHRO98DPm5_Y6rfQGaUG9rvqPia8GrLrQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment