pizu
2011-Apr-07 15:21 UTC
adding an item to a list of wishes - noobie question on link_to helper
Hi, I''m a new kid here. Hello! Have a question, regarding my favourite web framework: I have a User, Item and Wish models. User have many Items and Wishes Item have many Wishes Wish belongs to User and Item ItemsController def show @item = Item.find(params[:id]) end WishesController def new @wish = current_user.wishes.build end def create @wish = current_user.wishes.new(params[:wish]) if @wish.save redirect_to wishes_url, :notice => "Wish added!" else render :action => ''new'' end end From Items show.html.erb template, I would the user to be able to click a link such, as this one: <%= link_to "Add to my wishlist", new_wish_path() %> and the user would be presented with a Wish form (fields showing: Note, Status, whilst other fields: item_id and user_id would not be shown) User would submit the form and the wish would be created. One thing, I would prefer not to use hidden fields with pre-populated item_id and user_id as I understand these can be tempered with fairly easily. Hope you can help. Thanks! Piotr -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
Frederick Cheung
2011-Apr-08 08:05 UTC
Re: adding an item to a list of wishes - noobie question on link_to helper
On Apr 7, 4:21 pm, pizu <pizu...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > such, as this one: <%= link_to "Add to my wishlist", new_wish_path() > %> > > and the user would be presented with a Wish form (fields showing: > Note, Status, whilst other fields: item_id and user_id would not be > shown) > > User would submit the form and the wish would be created. > > One thing, I would prefer not to use hidden fields with pre-populated > item_id and user_id as I understand these can be tempered with fairly > easily.I''m not entirely sure what your question is but ... You can certainly add extra parameters to new_wish_path (for example :item_id => @item.id). An alternative design is to have a nested resource where you instead have a path helper called new_item_wish_path(@item). All this changes is the url that your user sees, in the first case it would be something along the lines of wishes/new?item_id=xxx in the second case it would be items/xxx/wishes/new You are entirely right about hidden fields being easily tampered with - you can''t trust anything you receive from a user. Typically the user would be logged in so you would have some concept of the current user and you would create the wish for that user. If you need to restrict which items a wish can be created for then it''s up to you to perform that check at the point at which you create the wish. Fred> Hope you can help. > Thanks! > Piotr-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.