I want to allow users to create mail templates through an administration page. I store the email body as text in the database, and now I want to take the string, and treat it like an email template and send as mail.

So for instance, if something like this is in the database:

<code>
email_templates
id | text
1 | Hello #{@user.name}! This is an email
...
</code>

Then I'd like to do this:

<code>
template = EmailTemplate.find(1)
user = User.find(1)
MyMailer.deliver_some_mail(template.text, user)
</code>

...and

<code>
class MyMailer < ActionMailer::Base
  def some_mail(template, user)
    subject "..."
    recipient "me-IsZ/h5lOg2PQT0dZR+AlfA@public.gmane.org"
    # ...

    body string_template(template, :user => user)
  end
end
</code>

Is it possible? If so, how?
--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

While this is pretty easy with the ERB library and its rendering, it's also very dangerous. You'll need to build a whitelist of what you'll let them do.

"Hello #{User.delete_all}"

Never let anyone arbitrarily monkey with your code or data.
Instead, make your own parser or look at how some of the CMS tools like Radiant do things like this.

On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> I want to allow users to create mail templates through an administration
> page. I store the email body as text in the database, and now I want to
> take the string, and treat it like an email template and send as mail.
>
> So for instance, if something like this is in the database:
>
> <code>
> email_templates
> id | text
> 1 | Hello #{@user.name}! This is an email
> ...
> </code>
>
> Then I'd like to do this:
>
> <code>
> template = EmailTemplate.find(1)
> user = User.find(1)
> MyMailer.deliver_some_mail(template.text, user)
> </code>
>
> ...and
>
> <code>
> class MyMailer < ActionMailer::Base
>   def some_mail(template, user)
>     subject "..."
>     recipient "me-IsZ/h5lOg2PQT0dZR+AlfA@public.gmane.org"
>     # ...
>
>     body string_template(template, :user => user)
>   end
> end
> </code>
>
> Is it possible? If so, how?
> --
> Posted via http://www.ruby-forum.com/.

Brian Hogan wrote:
> While this is pretty easy with the ERB library and its rendering, it's
> also very dangerous. You'll need to build a whitelist of what you'll
> let them do.
>
> "Hello #{User.delete_all}"
>
> Never let anyone arbitrarily monkey with your code or data.
> Instead, make your own parser or look at how some of the CMS tools like
> Radiant do things like this.
>
>
> On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <

Yup, I'm very aware of the safety implications. Basically this will be available to people who have access to the code as well, but it makes this task a bit easier. I'll look up simpler parsing that'll just allow for looking up properties on a single object or something like that.

Thanks!

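The restricted lookup discussed in the messages above (placeholders that resolve only to allowlisted properties of a single object, with no `#{...}` or ERB evaluation), sketched as an added example that is not code from any poster in this thread. `SafeTemplate`, the `{{ object.attribute }}` syntax and the `User` struct are assumptions made for illustration.

```ruby
# Added example: allowlist-only placeholder rendering for stored templates.
# SafeTemplate, the {{ object.attribute }} syntax and User are hypothetical.
class SafeTemplate
  class UnknownPlaceholder < StandardError; end

  TAG  = /\{\{(.*?)\}\}/                        # anything between {{ and }}
  NAME = /\A\s*([a-z_]+)\.([a-z_]+)\s*\z/       # strictly "object.attribute"

  # allowed maps an object name to the attributes a template may read,
  # e.g. { "user" => %w[name email] }.
  def initialize(allowed)
    @allowed = allowed
  end

  # Placeholders the allowlist does not cover; run this when an admin
  # saves a template so bad input is rejected before any mail is sent.
  def violations(text)
    text.scan(TAG).flatten.reject { |inner| lookup(inner) }.map(&:strip).uniq
  end

  # Substitutes allowlisted placeholders. The template text is never
  # evaluated, so "#{...}" and "<%= ... %>" stay inert literal text, and
  # substituted values are not scanned again for placeholders.
  def render(text, objects)
    bad = violations(text)
    raise UnknownPlaceholder, bad.join(", ") unless bad.empty?

    text.gsub(TAG) do
      object, attribute = lookup(Regexp.last_match(1))
      objects.fetch(object).public_send(attribute).to_s
    end
  end

  private

  # Returns [object, attribute] when the pair is on the allowlist, else nil.
  def lookup(inner)
    m = NAME.match(inner)
    return nil unless m && @allowed.fetch(m[1], []).include?(m[2])

    [m[1], m[2]]
  end
end

# Constructed sample data.
User = Struct.new(:name, :email, :password_digest)
SAMPLE_USER = User.new("Ada", "ada@example.test", "not-for-templates")
MAIL_TEMPLATES = SafeTemplate.new("user" => %w[name email])
```

Calling `violations` at save time and `render` at send time gives two chances to reject a template that references anything outside the allowlist.
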
On Tue, Oct 14, 2008 at 2:29 PM, Christian Johansen <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> Yup, I'm very aware of the safety implications. Basically this will be
> available to people who have access to the code as well, but it makes
> this task a bit easier. I'll look up simpler parsing that'll just allow
> for looking up properties on a single object or something like that.

http://www.liquidmarkup.org

~ j.

On 14 Oct 2008, at 22:29, Christian Johansen wrote:
>
> Brian Hogan wrote:
>> While this is pretty easy with the ERB library and its rendering,
>> it's also very dangerous. You'll need to build a whitelist of what
>> you'll let them do.
>>
>> "Hello #{User.delete_all}"
>>
>> Never let anyone arbitrarily monkey with your code or data.
>> Instead, make your own parser or look at how some of the CMS tools
>> like Radiant do things like this.
>>
>>
>> On Tue, Oct 14, 2008 at 3:46 PM, Christian Johansen <
>
> Yup, I'm very aware of the safety implications. Basically this will be
> available to people who have access to the code as well, but it makes
> this task a bit easier. I'll look up simpler parsing that'll just
> allow for looking up properties on a single object or something like that.
> Thanks!

For what it's worth, something like

@body = render :inline => some_string, :body => {}

would do it.

Fred

John Barnette wrote:
> On Tue, Oct 14, 2008 at 2:29 PM, Christian Johansen
> <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>> Yup, I'm very aware of the safety implications. Basically this will be
>> available to people who have access to the code as well, but it makes
>> this task a bit easier. I'll look up simpler parsing that'll just allow
>> for looking up properties on a single object or something like that.
>
> http://www.liquidmarkup.org
>
>
> ~ j.

Thanks, this looks very interesting!

Christian Johansen wrote:
> John Barnette wrote:
>> On Tue, Oct 14, 2008 at 2:29 PM, Christian Johansen
>> <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>> Yup, I'm very aware of the safety implications. Basically this will be
>>> available to people who have access to the code as well, but it makes
>>> this task a bit easier. I'll look up simpler parsing that'll just allow
>>> for looking up properties on a single object or something like that.
>>
>> http://www.liquidmarkup.org
>>
>>
>> ~ j.
>
> Thanks, this looks very interesting!

Played around with it a little bit, and man, this is perfect for what I needed. Very cool!