Is this possible?
Say you have a form, but want to require login before data can be saved.
So, using the login generator, you use the redirect and authorize methods.
link to form > redirect to login > login > redirect to form
However, this only works with GET requests, or, only works with
intercepting links.
What I''m proposing is a post interceptor; additionally, the form can
be submitted, *before* checking for the user to be logged in.
submit form > redirect to login > login > re-post form
----
To make things more complicated, the whole deal works with ajax (it
renders the login in-page)
<%= form_remote_tag ... %>
<textarea name=''stuff''> ... </textarea>
<input type=''submit'' />
</form>
then, when they hit submit, it checks to see if the user is logged in
(and the form is secure) and returns a login form with render_action
like so: (this replaces the ajaxed form with a login form, and hidden
parameters)
<%= form_remote_tag ... %>
username : <input type=''text''
name=''login'' ..>
password : <input type=''password'' ..>
</form>
My question is, how would you handle the intercepted @params?
This is all kinda pseudo code..
1. hidden fields
<% @params.each |key,value| %>
<input type=''hidden'' name=''<%= key
%>'' value=''<%= value %>'' />
2. hidden textareas
<textarea style=''display:none''><%= value
%></textarea>
3. script-fu
<script type=''text/javascript''>
form.add_element(''<%= CGI.escape ... %>'');
</script>
4. store the params hash in the session
The problem with most of these methods is escaping or serializing the
posted values into HTML.>From here:
http://xkr.us/articles/javascript/encode-compare/
- escape() will not encode: @*/+
- encodeURI() will not encode: !@#$&*()=:/;?+''
- encodeURIComponent() will not encode: !*()''
The other issue is, who wants to keep potentially that much
information in the session?
Any ideas?
:)
courtenay
http://habtm.com