pizu
2011-Apr-07 15:21 UTC
adding an item to a list of wishes - noobie question on link_to helper
Hi,
I''m a new kid here. Hello!
Have a question, regarding my favourite web framework:
I have a User, Item and Wish models.
User have many Items and Wishes
Item have many Wishes
Wish belongs to User and Item
ItemsController
def show
@item = Item.find(params[:id])
end
WishesController
def new
@wish = current_user.wishes.build
end
def create
@wish = current_user.wishes.new(params[:wish])
if @wish.save
redirect_to wishes_url, :notice => "Wish added!"
else
render :action => ''new''
end
end
From Items show.html.erb template, I would the user to be able to
click a link
such, as this one: <%= link_to "Add to my wishlist",
new_wish_path()
%>
and the user would be presented with a Wish form (fields showing:
Note, Status, whilst other fields: item_id and user_id would not be
shown)
User would submit the form and the wish would be created.
One thing, I would prefer not to use hidden fields with pre-populated
item_id and user_id as I understand these can be tempered with fairly
easily.
Hope you can help.
Thanks!
Piotr
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
Frederick Cheung
2011-Apr-08 08:05 UTC
Re: adding an item to a list of wishes - noobie question on link_to helper
On Apr 7, 4:21 pm, pizu <pizu...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > such, as this one: <%= link_to "Add to my wishlist", new_wish_path() > %> > > and the user would be presented with a Wish form (fields showing: > Note, Status, whilst other fields: item_id and user_id would not be > shown) > > User would submit the form and the wish would be created. > > One thing, I would prefer not to use hidden fields with pre-populated > item_id and user_id as I understand these can be tempered with fairly > easily.I''m not entirely sure what your question is but ... You can certainly add extra parameters to new_wish_path (for example :item_id => @item.id). An alternative design is to have a nested resource where you instead have a path helper called new_item_wish_path(@item). All this changes is the url that your user sees, in the first case it would be something along the lines of wishes/new?item_id=xxx in the second case it would be items/xxx/wishes/new You are entirely right about hidden fields being easily tampered with - you can''t trust anything you receive from a user. Typically the user would be logged in so you would have some concept of the current user and you would create the wish for that user. If you need to restrict which items a wish can be created for then it''s up to you to perform that check at the point at which you create the wish. Fred> Hope you can help. > Thanks! > Piotr-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.