Thursday, 15 August 2013

Alternative to using hidden fields in Rails. Keeping things secure -



I am setting up a scheme of posts where a user's posts have to be moderated by a superuser unless they are a "verified" user (user.verified = true).

I am going to set up a boolean column in the User model, :verified, and if it is true, allow them to post and circumvent moderation.

So, when the user goes to post... I know I could set a hidden field on the post. For example, in the post form, add:

<%= f.hidden_field :approved, :value => 1 if current_user.verified == 1 %>

However, I know this is not secure, and someone could use Firebug to modify this.

What is the best practice to move this logic into the model/controller, or is there a resource or link that covers this sort of thing, overriding or modifying the "default" create/update actions?

Thanks

Per the reply below, here is what I have in the Post model:

    #if user verified, set approved column true
    before_save :check_for_verified

    def check_for_verified
      approved = user.verified?
    end

However, this is not allowing me to save now; it doesn't error, but it doesn't allow the save.

Your feeling that this does not belong in the view is correct.

There are lots of ways to go about this. One way is to set a before_create callback on the model that sets approved if the user is verified:

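    class Post < ActiveRecord::Base
      before_create :approve_if_user_verified

      def approve_if_user_verified
        # self. is required: a bare "approved = ..." only assigns a local variable
        self.approved = user.verified?
        # In Rails 3 a callback that returns false halts the save, so return true
        true
      end
    end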
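
An added example, not part of the original question or answer: a plain-Ruby model (no Rails needed) of the approach above, in which a forged "approved" value in the submitted form is dropped and approval is derived from the server-side user record. The User and Post classes, CLIENT_WRITABLE and create_post are hypothetical stand-ins, and the sample parameters are constructed.

```ruby
# Plain-Ruby model of the fix; every name here is hypothetical.
User = Struct.new(:name, :verified) do
  def verified?
    verified == true
  end
end

class Post
  # Fields a client may set from the form. "approved" is deliberately absent.
  CLIENT_WRITABLE = %w[title body].freeze

  attr_reader :title, :body, :approved, :user

  def initialize(user, submitted_params)
    @user = user
    # Drop anything not on the allowlist, including a forged "approved".
    safe = submitted_params.select { |key, _| CLIENT_WRITABLE.include?(key.to_s) }
    @title = safe["title"]
    @body = safe["body"]
    @approved = false
  end

  # Stand-in for the before_create callback: approval comes from the
  # server-side user record, never from the request.
  def approve_if_user_verified
    self.approved = user.verified?
    true
  end

  def save
    approve_if_user_verified
    self
  end

  private

  attr_writer :approved
end

# Constructed request parameters: the second form was edited in the browser.
HONEST_PARAMS = { "title" => "Hello", "body" => "First post" }.freeze
FORGED_PARAMS = { "title" => "Spam", "body" => "Buy now", "approved" => "1" }.freeze

def create_post(user, params)
  Post.new(user, params).save
end
```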
