Rails core - Sep 2010 - DRY views / Shared Partials and user role based system.

Hi,
I have a simple partial, just a file list.

The list is exactly the same for those who have permission to change
it, and those who just can see it.

The best way to keep things DRY, I think, is doing some kind of shared
partial. No problem so far.

But what about the specific actions (new/edit/delete)? Scattering some
conditional statements seems very very uglier, and even more difficult
to maintain, than separate views. So I came up with another solution:
putting some yield statements on the code. Something like,  "yield
:delete" for example. Than I render a partial that contains only the
user specific things, and put the content_for''s that are appropriated.

But I think that can be even a prettier solution. So I''m asking you
guys :D
Sorry, if this is a newbie question, I''m new to rails, and concerned
about doing things the best way possible.

Thanks in advance
-- 
Sebastião G. Ferreira Júnior
"How much trust is too much trust? Should you even trust?"

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

bad solution, rendering or not the link doesnot hide th action, that means
with a tool like curl a user can trigger the delete or just writing the link
in the browser and changing the method, use an authorization gem , read
about cancan,

http://railscasts.com/episodes/192-authorization-with-cancan

whe you have is an authorization problem.

2010/9/7 Sebastião Giacheto F. Júnior <sebastorama@gmail.com>
> Hi,
> I have a simple partial, just a file list.
>
> The list is exactly the same for those who have permission to change
> it, and those who just can see it.
>
> The best way to keep things DRY, I think, is doing some kind of shared
> partial. No problem so far.
>
> But what about the specific actions (new/edit/delete)? Scattering some
> conditional statements seems very very uglier, and even more difficult
> to maintain, than separate views. So I came up with another solution:
> putting some yield statements on the code. Something like,  "yield
> :delete" for example. Than I render a partial that contains only the
> user specific things, and put the content_for''s that are
appropriated.
>
> But I think that can be even a prettier solution. So I''m asking
you guys :D
> Sorry, if this is a newbie question, I''m new to rails, and
concerned
> about doing things the best way possible.
>
> Thanks in advance
> --
> Sebastião G. Ferreira Júnior
> "How much trust is too much trust? Should you even trust?"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To post to this group, send email to rubyonrails-core@googlegroups.com.
> To unsubscribe from this group, send email to
>
rubyonrails-core+unsubscribe@googlegroups.com<rubyonrails-core%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-core?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

Sorry, My controller actions are already restricted based on the user
type (I use authlogic). I''m not restricting anything on the view.
It''s
not possible to do something as a normal user, even if the links/forms
were there. I just wan''t to render the view differently for each one,
but keeping things more DRY (since the list is almost about the same
for each user) and without ugly conditional statements.

But sorry, I was warned to post this kind of doubt on the other mail
list:  ''rails-talk'', not here. Newbie behavior :D
Thanks for the answer.

On Wed, Sep 8, 2010 at 11:54 AM, radhames brito <rbritom@gmail.com>
wrote:
> bad solution, rendering or not the link doesnot hide th action, that means
> with a tool like curl a user can trigger the delete or just writing the
link
> in the browser and changing the method, use an authorization gem , read
> about cancan,
>
> http://railscasts.com/episodes/192-authorization-with-cancan
>
> whe you have is an authorization problem.
>
> 2010/9/7 Sebastião Giacheto F. Júnior <sebastorama@gmail.com>
>>
>> Hi,
>> I have a simple partial, just a file list.
>>
>> The list is exactly the same for those who have permission to change
>> it, and those who just can see it.
>>
>> The best way to keep things DRY, I think, is doing some kind of shared
>> partial. No problem so far.
>>
>> But what about the specific actions (new/edit/delete)? Scattering some
>> conditional statements seems very very uglier, and even more difficult
>> to maintain, than separate views. So I came up with another solution:
>> putting some yield statements on the code. Something like,  "yield
>> :delete" for example. Than I render a partial that contains only
the
>> user specific things, and put the content_for''s that are
appropriated.
>>
>> But I think that can be even a prettier solution. So I''m
asking you guys
>> :D
>> Sorry, if this is a newbie question, I''m new to rails, and
concerned
>> about doing things the best way possible.
>>
>> Thanks in advance
>> --
>> Sebastião G. Ferreira Júnior
>> "How much trust is too much trust? Should you even trust?"
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Ruby on Rails: Core" group.
>> To post to this group, send email to rubyonrails-core@googlegroups.com.
>> To unsubscribe from this group, send email to
>> rubyonrails-core+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/rubyonrails-core?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To post to this group, send email to rubyonrails-core@googlegroups.com.
> To unsubscribe from this group, send email to
> rubyonrails-core+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-core?hl=en.
>


-- 
Sebastião G. Ferreira Júnior
"How much trust is too much trust? Should you even trust?"

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

you can use a layout partial

http://railscasts.com/episodes/99-complex-partials





2010/9/8 Sebastião Giacheto F. Júnior <sebastorama@gmail.com>
> Sorry, My controller actions are already restricted based on the user
> type (I use authlogic). I''m not restricting anything on the view.
It''s
> not possible to do something as a normal user, even if the links/forms
> were there. I just wan''t to render the view differently for each
one,
> but keeping things more DRY (since the list is almost about the same
> for each user) and without ugly conditional statements.
>
> But sorry, I was warned to post this kind of doubt on the other mail
> list:  ''rails-talk'', not here. Newbie behavior :D
> Thanks for the answer.
>
> On Wed, Sep 8, 2010 at 11:54 AM, radhames brito <rbritom@gmail.com>
wrote:
> > bad solution, rendering or not the link doesnot hide th action, that
> means
> > with a tool like curl a user can trigger the delete or just writing
the
> link
> > in the browser and changing the method, use an authorization gem ,
read
> > about cancan,
> >
> > http://railscasts.com/episodes/192-authorization-with-cancan
> >
> > whe you have is an authorization problem.
> >
> > 2010/9/7 Sebastião Giacheto F. Júnior <sebastorama@gmail.com>
> >>
> >> Hi,
> >> I have a simple partial, just a file list.
> >>
> >> The list is exactly the same for those who have permission to
change
> >> it, and those who just can see it.
> >>
> >> The best way to keep things DRY, I think, is doing some kind of
shared
> >> partial. No problem so far.
> >>
> >> But what about the specific actions (new/edit/delete)? Scattering
some
> >> conditional statements seems very very uglier, and even more
difficult
> >> to maintain, than separate views. So I came up with another
solution:
> >> putting some yield statements on the code. Something like, 
"yield
> >> :delete" for example. Than I render a partial that contains
only the
> >> user specific things, and put the content_for''s that are
appropriated.
> >>
> >> But I think that can be even a prettier solution. So I''m
asking you guys
> >> :D
> >> Sorry, if this is a newbie question, I''m new to rails,
and concerned
> >> about doing things the best way possible.
> >>
> >> Thanks in advance
> >> --
> >> Sebastião G. Ferreira Júnior
> >> "How much trust is too much trust? Should you even
trust?"
> >>
> >> --
> >> You received this message because you are subscribed to the Google
> Groups
> >> "Ruby on Rails: Core" group.
> >> To post to this group, send email to
rubyonrails-core@googlegroups.com.
> >> To unsubscribe from this group, send email to
> >>
rubyonrails-core+unsubscribe@googlegroups.com<rubyonrails-core%2Bunsubscribe@googlegroups.com>
> .
> >> For more options, visit this group at
> >> http://groups.google.com/group/rubyonrails-core?hl=en.
> >>
> >
> > --
> > You received this message because you are subscribed to the Google
Groups
> > "Ruby on Rails: Core" group.
> > To post to this group, send email to
rubyonrails-core@googlegroups.com.
> > To unsubscribe from this group, send email to
> >
rubyonrails-core+unsubscribe@googlegroups.com<rubyonrails-core%2Bunsubscribe@googlegroups.com>
> .
> > For more options, visit this group at
> > http://groups.google.com/group/rubyonrails-core?hl=en.
> >
>
>
>
> --
> Sebastião G. Ferreira Júnior
> "How much trust is too much trust? Should you even trust?"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ruby on Rails: Core" group.
> To post to this group, send email to rubyonrails-core@googlegroups.com.
> To unsubscribe from this group, send email to
>
rubyonrails-core+unsubscribe@googlegroups.com<rubyonrails-core%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/rubyonrails-core?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.

Hey Seb,

too much decider code in partials? Use Cells [1], that''s view
components for Rails and designed to solve problems like yours.
Check out some examples at github [2] and be sure to use view
inheritance [3], which could be very handy to map all your different
user roles in your views.

If you get stuck, feel free to ask us on irc.freenode.org in the
#cells channel or mail me directly.

Cheers,

Nick

[1] http://cells.rubyforge.org/
[2] http://github.com/apotonick/cells
[3]
http://apotomo.de/2010/04/using-cells-view-inheritance-to-clean-up-your-views/

On 7 Sep., 21:09, Sebastião Giacheto F. Júnior <sebastor...@gmail.com>
wrote:
> Hi,
> I have a simple partial, just a file list.
>
> The list is exactly the same for those who have permission to change
> it, and those who just can see it.
>
> The best way to keep things DRY, I think, is doing some kind of shared
> partial. No problem so far.
>
> But what about the specific actions (new/edit/delete)? Scattering some
> conditional statements seems very very uglier, and even more difficult
> to maintain, than separate views. So I came up with another solution:
> putting some yield statements on the code. Something like,  "yield
> :delete" for example. Than I render a partial that contains only the
> user specific things, and put the content_for''s that are
appropriated.
>
> But I think that can be even a prettier solution. So I''m asking
you guys :D
> Sorry, if this is a newbie question, I''m new to rails, and
concerned
> about doing things the best way possible.
>
> Thanks in advance
> --
> Sebastião G. Ferreira Júnior
> "How much trust is too much trust? Should you even trust?"
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com.
To unsubscribe from this group, send email to
rubyonrails-core+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en.