I'm trying to create a select box that chooses from a list of options determined by class hierarchy. To be specific, I have a Field model that has been subclassed into several types of Fields. The user chooses a type of field from the drop-down, and that class is used to generate the Field back in the controller. I have two questions related to this.

1. In attempting to populate the select box, I created a helper function that searches the ObjectSpace for children of the Field class. Unfortunately, within the view in question, only objects named within the view are added to the scope by Rails, so when I call the helper function, it only finds said fields. I have worked around this problem by simply naming every member of the hierarchy in the view, but for this to work, I have to stick the entire list in every view that uses this drop-down, and if I ever add to the hierarchy, each instance of that list will have to be modified manually. I would like a better solution.

2. To actually generate the new field, I am calling something that looks like newfield = eval(params[:fieldtype] + ".create(" + ":first_attrib =>," + "second_attrib" + etc. + ")". Eval is a rather scary function to be using, here, since it is probably fairly easy to generate a POST with some sort of injected code that the eval would execute. I could create helper functions to sanitize the parameters, but it seems like this would come up often enough that Rails should already have a solution, a solution that I am not experienced enough to locate. Does such a thing exist?

Thanks in advance for your time.

-A. Wilson
--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Re: #1, if all else fails, you should be able to put that list of subclass names in your model, and reference it from there. Something like:

    class Field < ActiveRecord::Base
      # %w(...) builds an Array of strings; a bare %(...) would be one String
      SUB_TYPES = %w(bibbity bobbity boo rama lama ding dong)
    end

And in your views:

    f.select(:field_type, Field::SUB_TYPES)

Having that array accessible should also help w/sanitizing. So e.g., in your controller

    raise("WTF!?") unless Field::SUB_TYPES.include?(params[:field_type])

That's air code, but you get the idea...

HTH,

-Roy

-----Original Message-----
From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Aa Wilson
Sent: Friday, July 18, 2008 10:45 AM
To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
Subject: [Rails] View Inheritance Population, and another question

Roy Pardee wrote:
> Re: #1, if all else fails, you should be able to put that list of
> subclass names in your model, and reference it from there. Something
> like:
>
>     class Field < ActiveRecord::Base
>       # %w(...) builds an Array of strings; a bare %(...) would be one String
>       SUB_TYPES = %w(bibbity bobbity boo rama lama ding dong)
>     end
>
> And in your views:
>
>     f.select(:field_type, Field::SUB_TYPES)
>
> Having that array accessible should also help w/sanitizing. So e.g., in
> your controller
>
>     raise("WTF!?") unless Field::SUB_TYPES.include?(params[:field_type])
>
> That's air code, but you get the idea...
>
> HTH,
>
> -Roy

That's quite beautiful, actually, and I may re-implement my temporary solution that way, mostly for the sake of #2. However, if I could get the list to populate itself automatically, that would be ideal.
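
An added example, not part of the thread and not Rails' own code: one way to cover both questions above, a subclass list that fills itself and type selection without eval. It uses plain Ruby stand-ins so it runs without Rails; Field's REGISTRY, sub_types, TextField, DateField, UnknownFieldType and build_field are hypothetical names.

```ruby
# Added example: plain Ruby stand-ins for the thread's models (no Rails).
# All class and method names below are hypothetical.
class Field
  REGISTRY = {}                        # e.g. "TextField" => TextField

  # Ruby calls this hook each time a class inherits from Field (directly
  # or through another subclass), so the allowlist maintains itself.
  def self.inherited(subclass)
    super
    # Anonymous classes (Class.new(Field)) have no name and are skipped.
    REGISTRY[subclass.name] = subclass if subclass.name
  end

  # Option list for the select box, e.g. f.select(:field_type, Field.sub_types)
  def self.sub_types
    REGISTRY.keys.sort
  end

  attr_reader :attrs

  # Stand-in for ActiveRecord's create: builds an instance from a hash.
  def self.create(attrs = {})
    new(attrs)
  end

  def initialize(attrs = {})
    @attrs = attrs
  end
end

class TextField < Field; end
class DateField < Field; end

class UnknownFieldType < StandardError; end

# Replaces eval(params[:fieldtype] + ".create(...)"). The submitted string
# is used only as a Hash key and is never parsed as Ruby, so a crafted POST
# value can select a registered subclass or be rejected, nothing else.
def build_field(params)
  type  = params[:fieldtype]
  klass = type.is_a?(String) ? Field::REGISTRY[type] : nil
  raise UnknownFieldType, "rejected field type: #{type.inspect}" unless klass
  klass.create(params.fetch(:field, {}))
end
```

In a Rails application the subclasses still have to be loaded before the registry is read, because development mode loads classes lazily.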