I've made a simple cms. I have a table with page content. In the view I make a call for a helper that gets the data:

View:

<%= content(the_id) %>

In the application helper:

def content(c)
  @content = Pagecontent.find(c).content
end

This works great. Any problems with this, like security? Any other way to do it this simple?
--
Posted via http://www.ruby-forum.com/.

Hi Pål Bergström

My opinion is that you can move Pagecontent.find(c) to the model and access this from the controller. Then just use it in the view, so as to avoid making a DB call from the helper/view, even though this is simple.

Sijo

Sijo k g wrote:
> Hi Pål Bergström
>
> My opinion is that you can move Pagecontent.find(c) to the model and access
> this from the controller. Then just use it in the view, so as to avoid making
> a DB call from the helper/view, even though this is simple.
>
> Sijo

I see what you mean. However, that would mean a third set of code strings. Are there any real security problems with my way?

Hi Pål Bergström

> Are there any real security problems with my way?

No security problems I think

Sijo

Pål Bergström wrote:
> I've made a simple cms. I have a table with page content. In the view I
> make a call for a helper that gets the data:
>
> View:
>
> <%= content(the_id) %>
>
> In the application helper:
>
> def content(c)
>   @content = Pagecontent.find(c).content
> end
>
> This works great. Any problems with this, like security?

Yeah, you're totally breaking MVC. The query should be in the controller.

> Any other way
> to do it this simple?

Put the query in the controller. Assign it to a variable. Use the variable in the view. Just as simple. No helper necessary. No breaking MVC.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

Marnen Laibow-Koser wrote:
> Put the query in the controller. Assign it to a variable. Use the
> variable in the view. Just as simple. No helper necessary. No
> breaking MVC.

Will mean extra coding for each page.

Pål Bergström wrote:
> Marnen Laibow-Koser wrote:
>
>> Put the query in the controller. Assign it to a variable. Use the
>> variable in the view. Just as simple. No helper necessary. No
>> breaking MVC.
>
> Will mean extra coding for each page.

I don't believe it will, but perhaps I don't understand the structure of your app. Can you explain how you're using this?

Anyway, even if it *does* mean extra coding, it's the right thing to do.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

Marnen Laibow-Koser wrote:
> I don't believe it will, but perhaps I don't understand the structure of
> your app. Can you explain how you're using this?
>
> Anyway, even if it *does* mean extra coding, it's the right thing to do.

Let's say I have 5 pages. Each page can have 1 or more areas which can be edited by the user. Probably 1-3 areas, where the main section is the body text.

Each area is assigned an id. By using my setup as above I can assign the id and content for each area in the view, and that's it. No extra coding or assigning a variable for each page and each area.

This is like a static CMS where the control of new pages is limited but not the actual text/content.

Pål Bergström wrote:
> Marnen Laibow-Koser wrote:
>
>> I don't believe it will, but perhaps I don't understand the structure of
>> your app. Can you explain how you're using this?
>>
>> Anyway, even if it *does* mean extra coding, it's the right thing to do.
>
> Let's say I have 5 pages. Each page can have 1 or more areas which can
> be edited by the user. Probably 1-3 areas, where the main section is
> the body text.
>
> Each area is assigned an id. By using my setup as above I can assign the
> id and content for each area in the view, and that's it. No extra coding
> or assigning a variable for each page and each area.

So the Pagecontent (should be PageContent!) is the model for the editable area?

Are the 5 pages rendered by separate controller actions, or by the same action on different instances of Page?

> This is like a static CMS where the control of new pages is limited but
> not the actual text/content.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

Marnen Laibow-Koser wrote:
> So the Pagecontent (should be PageContent!) is the model for the
> editable area?
>
> Are the 5 pages rendered by separate controller actions, or by the same
> action on different instances of Page?

Yes, separate controller actions.

Pål Bergström wrote:
> Marnen Laibow-Koser wrote:
>
>> So the Pagecontent (should be PageContent!) is the model for the
>> editable area?
>>
>> Are the 5 pages rendered by separate controller actions, or by the same
>> action on different instances of Page?
>
> Yes, separate controller actions.

Can you post your controller code? This is starting to sound like a smelly design, which may account for some of the questions you're asking.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

Marnen Laibow-Koser wrote:
> Pål Bergström wrote:
> Yes, separate controller actions.
>
> Can you post your controller code? This is starting to sound like a
> smelly design, which may account for some of the questions you're
> asking.
>
> Best,
> --
> Marnen Laibow-Koser
> http://www.marnen.org
> marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

There's nothing in the controller. Just the view for each page and one method in the application_helper.

Pål Bergström wrote:
> There's nothing in the controller. Just the view for each page and one
> method in the application_helper.

So your controller is just

def page1
end

def page2
end

?

Where do the ids that you're passing to the pagecontent helper get set?

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

Marnen Laibow-Koser wrote:
> So your controller is just
>
> def page1
> end
>
> def page2
> end
>
> ?
>
> Where do the ids that you're passing to the pagecontent helper get set?

In the view with.

<%= content(the_id_of_content) %>

In the application helper:

def content(c)
  @content = Pagecontent.find(c).content
end

Pål Bergström wrote:
> Marnen Laibow-Koser wrote:
[...]
>> Where do the ids that you're passing to the pagecontent helper get set?
>
> In the view with.
>
> <%= content(the_id_of_content) %>
>
> In the application helper:
>
> def content(c)
>   @content = Pagecontent.find(c).content
> end

Then the best thing to do, it seems to me, is to restructure things as I indicated before. Moving the query into the controller will not require any more code, and it will decouple the view from the DB (which is the right thing). The proper Railsy way is like this:

# controller
def page1
  @content = Pagecontent.find(whatever)
end

# page1.html.erb
<%= @content %>

Less code than a helper, more flexible, and more truly MVC. The helper method has nothing at all to recommend it here.

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

Marnen Laibow-Koser wrote:
> Then the best thing to do, it seems to me, is to restructure things as I
> indicated before. Moving the query into the controller will not require
> any more code, and it will decouple the view from the DB (which is the
> right thing). The proper Railsy way is like this:
>
> # controller
> def page1
>   @content = Pagecontent.find(whatever)
> end
>
> # page1.html.erb
> <%= @content %>
>
> Less code than a helper, more flexible, and more truly MVC. The helper
> method has nothing at all to recommend it here.

I don't see how that would mean less code.

Pål Bergström wrote:
> Marnen Laibow-Koser wrote:
>
>> Then the best thing to do, it seems to me, is to restructure things as I
>> indicated before. Moving the query into the controller will not require
>> any more code, and it will decouple the view from the DB (which is the
>> right thing). The proper Railsy way is like this:
>>
>> # controller
>> def page1
>>   @content = Pagecontent.find(whatever)
>> end
>>
>> # page1.html.erb
>> <%= @content %>
>>
>> Less code than a helper, more flexible, and more truly MVC. The helper
>> method has nothing at all to recommend it here.
>
> I don't see how that would mean less code.

With the helper, you have both the helper method definition and the call in the view. With the proper Railsy way, you just have the call in the controller (equivalent to the helper definition) and the variable is already set for the view without further work.

But don't take my word for it. Branch your project and try it!

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
marnen-sbuyVjPbboAdnm+yROfE0A@public.gmane.org

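Added example, not part of the thread and not any poster's code: the helper discussed above returns text that users can edit, so for the security question what matters is how that text is encoded when it is written into the page, wherever the lookup lives. The sketch uses stdlib ERB (which does not auto-escape, as Rails views before 3.0 did not) and a constructed in-memory hash in place of the Pagecontent table; `stored_content`, `content_raw`, `content_escaped` and `render_area` are hypothetical names.

```ruby
require "erb"

# Constructed sample rows standing in for the thread's page-content table
# (id => content). Row 2 is what an editor could save if markup is not filtered.
PAGE_CONTENT = {
  1 => "Welcome to the site.",
  2 => %q{Hello <script>document.title = "edited"</script> & goodbye}
}.freeze

# Hypothetical lookup. The thread uses Pagecontent.find(c).content, which
# raises when the id is missing; here an unknown or malformed id yields "".
def stored_content(id)
  PAGE_CONTENT.fetch(Integer(id), "")
rescue ArgumentError, TypeError
  ""
end

# Same behaviour as the thread's helper: the stored string goes out unchanged.
def content_raw(id)
  stored_content(id)
end

# Hardened variant: HTML-encode on output so stored markup renders as text.
def content_escaped(id)
  ERB::Util.html_escape(stored_content(id))
end

# Render a one-area page through stdlib ERB, which does no escaping itself.
def render_area(id, helper)
  area = method(helper).call(id)
  ERB.new("<div class=\"area\"><%= area %></div>").result(binding)
end

if __FILE__ == $PROGRAM_NAME
  puts render_area(2, :content_raw)      # stored markup reaches the page as markup
  puts render_area(2, :content_escaped)  # stored markup reaches the page as text
  puts render_area(99, :content_escaped) # unknown id renders an empty area
end
```

If editors are meant to save formatting, escaping everything is too strict and an allowlist sanitizer such as Rails' `sanitize` view helper takes its place.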