In rails 4.2, how to display a form for preview but ensure it cannot be submitted -


i'd have a form view can, depending on circumstances, have submit functionality disabled in bullet-proof way clever user not edit html source (via browser extension) re-add submit button.

it seems 1 way might somehow inject invalid authenticity token replaces (valid) rails-generated one, if user somehow re-adds submit button (by editing html via browser extension) still invalid submission.

my thought have logic in view:

- if @form_disabled   # set controller   - somehow_invalidate_the_authenticity_token?

how might 1 'break' rails form submission?

the purpose of doing this, instead of rendering preview in :show action, have exact same view displaying both live-form , dead-form.

if you, use pundit.

it's pretty simple, , has few lines of code if need know how works.

i'd start write code here, realize example @ readme fit needs.

at application controller add this

at folder app/policies put class postpolicy, of course, must replace "post" name of controller in singular (even if have not model name). update? (and create?) actions should return true/false indicate if user allowed or not.

a few lines down on readme, find postscontroller#update action, call authorize record before update. think want same create (then need create? method @ policy class).

pundit needs current_user controller method, if don't have it. follow user customization instructions.

of course, new , edit actions don't call authorize because allowed everybody. post & put/patch actions forbidden.

yes, it's more surgery of 1 line of code. it's simple , right way of give access users.


Comments

Post a Comment

Popular posts from this blog

java - WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/board/] in DispatcherServlet with name 'appServlet' -

this question has answer here: why spring mvc respond 404 , report “no mapping found http request uri […] in dispatcherservlet”? 3 answers i trying making simple bbs i'm encountering following error, warn : org.springframework.web.servlet.pagenotfound - no mapping found http request uri [/board/] in dispatcherservlet name 'appservlet' i have tried solve error many times, have failed. how can solve error? here web.xml, controllerand , servlet-context. my web.xml <?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <filter> <filter-nam...
Read more

1111. appearing after print sequence - php -

morning, i have code takes string of shoe sizes, explodes , puts in table. code works , info displayed correctly on page after table there few 1's after table. i'm confused this. so table looks (in columns of 3 on webpage) available in following sizes: 3 4 5 6 9 10 111 here's codes, purpose of example $x = 3|4|6|10|9 function get_sizes_pipe($x) { $counter = 0; $splits = explode("|",$x); asort($splits); $x = print "<table class='greentable'>"; $x .= print "<thead><tr><th scope='col' colspan='3' abbr='starter'>available in following sizes:</th></tr></thead><tbody><tr>"; foreach ($splits $split) { $entry = print "<td>".$split."</td>"; if($counter == 2){ $entry .= print "</tr><tr>"; $counter =0; } else { $counter++; ...
Read more

android - How to create dynamically Fragment pager adapter -

i unable create dynamic layout each tabs, able create tabs dynamically constructor(public mypageradapter(fragmentmanager fm , int nooftabs)), coudn't inflate view each tabs creating each fragment should dyanmic. public class mypageradapter extends fragmentpageradapter { private final string[] titles = { "categories", "home", "top paid", "top free", "top grossing", "top new paid", "top new free", "trending" }; int nooftabs; **public mypageradapter(fragmentmanager fm , int nooftabs) { super(fm); this.nooftabs = nooftabs; }** /*public mypageradapter(fragmentmanager fm) { super(fm); }*/ @override public charsequence getpagetitle(int position) { return titles[position]; } @override public int getcount() { ...
Read more