Author suggested to filter out forbidden attributes. And it is really needed, because strong_parameters will not raise exception on attempt to change forbidden attribute. Success message will be displayed to user, but attribute will stay unchanged. It is expected behaviour (https://github.com/rails/strong_parameters/issues/54#issuecomment-977...)
So, that Railscast's code to filter out forbidden attribute is:
<% if permitted_params.topic_attributes.include? :sticky %> <div class="field"> <%= f.check_box :sticky %> <%= f.label :sticky %> </div> <% end %>
Using simple_form it can be written like this:
<%= f.input :sticky, :as => :boolean if permitted_params.topic_attributes.include?(:sticky) %>
It's already too much I think. But it is only one attrbute. For five attributes it will be five permitted_params.topic_attributes.include?()
It probably can be shortened, but still there is a need to specify some condition for each attribute to filter out forbidden ones.
So maybe simple_form gem is the right place to auto-apply strong_parameters permissions? Or there is another way to do it?
I personally don't think this is SimpleForm's responsibility. It's up to
the developer to show the correct fields that are going to be submitted to
a particular controller that handles params with strong_parameters.
In any case, I'm pretty sure it's possible to wrap SimpleForm's behavior in
a new form builder that handles that for you. I can think of something that
receives the "permitted_params" in the form_for call, and automatically
skip attributes that are inside there. Keep in mind that it may be a bigger
problem when you're talking about nested attributes and so on, but I think
it's possible.
On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
> Author suggested to filter out forbidden attributes. And it is really
> needed, because strong_parameters will not raise exception on attempt to
> change forbidden attribute. Success message will be displayed to user, but
> attribute will stay unchanged. It is expected behaviour (
> https://github.com/rails/strong_parameters/issues/54#issuecomment-977...)
> So, that Railscast's code to filter out forbidden attribute is:
I also thought about some wrapper, but for me it is too complex solution.
simple_form is wrapper by itself, and it does not looks very simple. I
agree, that mixing strong_parameters functionality with simple_form code is
not perfect idea. But what about more general functionality, maybe some
filter, that can be used in different ways, without mixing filtering logic
into view code?
It turns out, that it is easier to implement that filter by monkey patching
simple_form's FormBuilder:
> I personally don't think this is SimpleForm's responsibility. It's up to
> the developer to show the correct fields that are going to be submitted to
> a particular controller that handles params with strong_parameters.
> In any case, I'm pretty sure it's possible to wrap SimpleForm's behavior
> in a new form builder that handles that for you. I can think of something
> that receives the "permitted_params" in the form_for call, and
> automatically skip attributes that are inside there. Keep in mind that it
> may be a bigger problem when you're talking about nested attributes and so
> on, but I think it's possible.
> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>> Author suggested to filter out forbidden attributes. And it is really
>> needed, because strong_parameters will not raise exception on attempt to
>> change forbidden attribute. Success message will be displayed to user, but
>> attribute will stay unchanged. It is expected behaviour (
>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >> )
>> So, that Railscast's code to filter out forbidden attribute is:
I added a comment to your
gist<https://gist.github.com/3992175#gistcomment-592000> with
a StrongParametersFormBuilder example, that would extend SimpleForm
functionality with your "display_only" option, allowing you to achieve
exactly your example here.
I don't think this is going to be part of SimpleForm any time soon, in my
mind, if the developer doesn't need an attribute, he shouldn't call f.input
with it. If he wants to generalize form at that point, to reuse the same
form with different pages and different "parameters" configuration, then
it's up to him to handle it with a builder extension like that, or ifs. In
the majority of the use cases I've seen, it has been better to just split
the form templates.
On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com> wrote:
> I also thought about some wrapper, but for me it is too complex solution.
> simple_form is wrapper by itself, and it does not looks very simple. I
> agree, that mixing strong_parameters functionality with simple_form code is
> not perfect idea. But what about more general functionality, maybe some
> filter, that can be used in different ways, without mixing filtering logic
> into view code?
> It turns out, that it is easier to implement that filter by monkey
> patching simple_form's FormBuilder:
> This gist can be released as gem, but only if there is no chances to
> include filtering functionality into simple_form gem.
> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>> I personally don't think this is SimpleForm's responsibility. It's up to
>> the developer to show the correct fields that are going to be submitted to
>> a particular controller that handles params with strong_parameters.
>> In any case, I'm pretty sure it's possible to wrap SimpleForm's behavior
>> in a new form builder that handles that for you. I can think of something
>> that receives the "permitted_params" in the form_for call, and
>> automatically skip attributes that are inside there. Keep in mind that it
>> may be a bigger problem when you're talking about nested attributes and so
>> on, but I think it's possible.
>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>> Author suggested to filter out forbidden attributes. And it is really
>>> needed, because strong_parameters will not raise exception on attempt to
>>> change forbidden attribute. Success message will be displayed to user, but
>>> attribute will stay unchanged. It is expected behaviour (
>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>> )
>>> So, that Railscast's code to filter out forbidden attribute is:
2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
> a StrongParametersFormBuilder example, that would extend SimpleForm
> functionality with your "display_only" option, allowing you to achieve
> exactly your example here.
Looks great, but can't get it working. options[:display_only] is seems
unavailable inside new form builder. I established new Rails application to
test this, please look:
> I don't think this is going to be part of SimpleForm any time soon, in my
> mind, if the developer doesn't need an attribute, he shouldn't call f.input
> with it. If he wants to generalize form at that point, to reuse the same
> form with different pages and different "parameters" configuration, then
> it's up to him to handle it with a builder extension like that, or ifs. In
> the majority of the use cases I've seen, it has been better to just split
> the form templates.
I have some filtering in my views too, but not a lot. I think, it will take
some time to gain experience with stuff like strong_parameters, and to
decide, is display_filter really needed or it will only complicate things.
> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>> I also thought about some wrapper, but for me it is too complex solution.
>> simple_form is wrapper by itself, and it does not looks very simple. I
>> agree, that mixing strong_parameters functionality with simple_form code is
>> not perfect idea. But what about more general functionality, maybe some
>> filter, that can be used in different ways, without mixing filtering logic
>> into view code?
>> It turns out, that it is easier to implement that filter by monkey
>> patching simple_form's FormBuilder:
>> This gist can be released as gem, but only if there is no chances to
>> include filtering functionality into simple_form gem.
>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>> I personally don't think this is SimpleForm's responsibility. It's up to
>>> the developer to show the correct fields that are going to be submitted to
>>> a particular controller that handles params with strong_parameters.
>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's behavior
>>> in a new form builder that handles that for you. I can think of something
>>> that receives the "permitted_params" in the form_for call, and
>>> automatically skip attributes that are inside there. Keep in mind that it
>>> may be a bigger problem when you're talking about nested attributes and so
>>> on, but I think it's possible.
>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>> Author suggested to filter out forbidden attributes. And it is really
>>>> needed, because strong_parameters will not raise exception on attempt to
>>>> change forbidden attribute. Success message will be displayed to user, but
>>>> attribute will stay unchanged. It is expected behaviour (
>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>> )
>>>> So, that Railscast's code to filter out forbidden attribute is:
On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com> wrote:
> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>> a StrongParametersFormBuilder example, that would extend SimpleForm
>> functionality with your "display_only" option, allowing you to achieve
>> exactly your example here.
> Looks great, but can't get it working. options[:display_only] is seems
> unavailable inside new form builder. I established new Rails application to
> test this, please look:
>> I don't think this is going to be part of SimpleForm any time soon, in my
>> mind, if the developer doesn't need an attribute, he shouldn't call f.input
>> with it. If he wants to generalize form at that point, to reuse the same
>> form with different pages and different "parameters" configuration, then
>> it's up to him to handle it with a builder extension like that, or ifs. In
>> the majority of the use cases I've seen, it has been better to just split
>> the form templates.
> I have some filtering in my views too, but not a lot. I think, it will
> take some time to gain experience with stuff like strong_parameters, and to
> decide, is display_filter really needed or it will only complicate things.
>> Thanks!
>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>> I also thought about some wrapper, but for me it is too complex
>>> solution. simple_form is wrapper by itself, and it does not looks very
>>> simple. I agree, that mixing strong_parameters functionality with
>>> simple_form code is not perfect idea. But what about more general
>>> functionality, maybe some filter, that can be used in different ways,
>>> without mixing filtering logic into view code?
>>> It turns out, that it is easier to implement that filter by monkey
>>> patching simple_form's FormBuilder:
>>> This gist can be released as gem, but only if there is no chances to
>>> include filtering functionality into simple_form gem.
>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>> I personally don't think this is SimpleForm's responsibility. It's up
>>>> to the developer to show the correct fields that are going to be submitted
>>>> to a particular controller that handles params with strong_parameters.
>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>> behavior in a new form builder that handles that for you. I can think of
>>>> something that receives the "permitted_params" in the form_for call, and
>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>> may be a bigger problem when you're talking about nested attributes and so
>>>> on, but I think it's possible.
>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>> Author suggested to filter out forbidden attributes. And it is really
>>>>> needed, because strong_parameters will not raise exception on attempt to
>>>>> change forbidden attribute. Success message will be displayed to user, but
>>>>> attribute will stay unchanged. It is expected behaviour (
>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>> )
>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>> It's already too much I think. But it is only one attrbute. For five
>>>>> attributes it will be five permitted_params.topic_attributes.include?()
>>>>> It probably can be shortened, but still there is a need to specify
>>>>> some condition for each attribute to filter out forbidden ones.
>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>> strong_parameters permissions? Or there is another way to do it?
carlosantoniodasi...@gmail.com> wrote:
> Yeah, it was something quick and dirty, totally untested :D. Will take a
> look at your app.
> On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>>> a StrongParametersFormBuilder example, that would extend SimpleForm
>>> functionality with your "display_only" option, allowing you to achieve
>>> exactly your example here.
>> Looks great, but can't get it working. options[:display_only] is seems
>> unavailable inside new form builder. I established new Rails application to
>> test this, please look:
>>> I don't think this is going to be part of SimpleForm any time soon, in
>>> my mind, if the developer doesn't need an attribute, he shouldn't call
>>> f.input with it. If he wants to generalize form at that point, to reuse the
>>> same form with different pages and different "parameters" configuration,
>>> then it's up to him to handle it with a builder extension like that, or
>>> ifs. In the majority of the use cases I've seen, it has been better to just
>>> split the form templates.
>> I have some filtering in my views too, but not a lot. I think, it will
>> take some time to gain experience with stuff like strong_parameters, and to
>> decide, is display_filter really needed or it will only complicate things.
>>> Thanks!
>>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>> I also thought about some wrapper, but for me it is too complex
>>>> solution. simple_form is wrapper by itself, and it does not looks very
>>>> simple. I agree, that mixing strong_parameters functionality with
>>>> simple_form code is not perfect idea. But what about more general
>>>> functionality, maybe some filter, that can be used in different ways,
>>>> without mixing filtering logic into view code?
>>>> It turns out, that it is easier to implement that filter by monkey
>>>> patching simple_form's FormBuilder:
>>>> This gist can be released as gem, but only if there is no chances to
>>>> include filtering functionality into simple_form gem.
>>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>> I personally don't think this is SimpleForm's responsibility. It's up
>>>>> to the developer to show the correct fields that are going to be submitted
>>>>> to a particular controller that handles params with strong_parameters.
>>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>>> behavior in a new form builder that handles that for you. I can think of
>>>>> something that receives the "permitted_params" in the form_for call, and
>>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>>> may be a bigger problem when you're talking about nested attributes and so
>>>>> on, but I think it's possible.
>>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>>> Author suggested to filter out forbidden attributes. And it is really
>>>>>> needed, because strong_parameters will not raise exception on attempt to
>>>>>> change forbidden attribute. Success message will be displayed to user, but
>>>>>> attribute will stay unchanged. It is expected behaviour (
>>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>>> )
>>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>>> It's already too much I think. But it is only one attrbute. For five
>>>>>> attributes it will be five permitted_params.topic_attributes.include?()
>>>>>> It probably can be shortened, but still there is a need to specify
>>>>>> some condition for each attribute to filter out forbidden ones.
>>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>>> strong_parameters permissions? Or there is another way to do it?
Now in works. I changed code a little bit to actually display
'display_only' attributes, not filter it out, added comment to gist and
updated display_filter_demo repository.
Thanks!
2012/11/2 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
> On Fri, Nov 2, 2012 at 10:21 AM, Carlos Antonio da Silva <
> carlosantoniodasi...@gmail.com> wrote:
>> Yeah, it was something quick and dirty, totally untested :D. Will take a
>> look at your app.
>> On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>>>> a StrongParametersFormBuilder example, that would extend SimpleForm
>>>> functionality with your "display_only" option, allowing you to achieve
>>>> exactly your example here.
>>> Looks great, but can't get it working. options[:display_only] is seems
>>> unavailable inside new form builder. I established new Rails application to
>>> test this, please look:
>>>> I don't think this is going to be part of SimpleForm any time soon, in
>>>> my mind, if the developer doesn't need an attribute, he shouldn't call
>>>> f.input with it. If he wants to generalize form at that point, to reuse the
>>>> same form with different pages and different "parameters" configuration,
>>>> then it's up to him to handle it with a builder extension like that, or
>>>> ifs. In the majority of the use cases I've seen, it has been better to just
>>>> split the form templates.
>>> I have some filtering in my views too, but not a lot. I think, it will
>>> take some time to gain experience with stuff like strong_parameters, and to
>>> decide, is display_filter really needed or it will only complicate things.
>>>> Thanks!
>>>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>> I also thought about some wrapper, but for me it is too complex
>>>>> solution. simple_form is wrapper by itself, and it does not looks very
>>>>> simple. I agree, that mixing strong_parameters functionality with
>>>>> simple_form code is not perfect idea. But what about more general
>>>>> functionality, maybe some filter, that can be used in different ways,
>>>>> without mixing filtering logic into view code?
>>>>> It turns out, that it is easier to implement that filter by monkey
>>>>> patching simple_form's FormBuilder:
>>>>> This gist can be released as gem, but only if there is no chances to
>>>>> include filtering functionality into simple_form gem.
>>>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>> I personally don't think this is SimpleForm's responsibility. It's up
>>>>>> to the developer to show the correct fields that are going to be submitted
>>>>>> to a particular controller that handles params with strong_parameters.
>>>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>>>> behavior in a new form builder that handles that for you. I can think of
>>>>>> something that receives the "permitted_params" in the form_for call, and
>>>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>>>> may be a bigger problem when you're talking about nested attributes and so
>>>>>> on, but I think it's possible.
>>>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <denis.pep...@gmail.com
>>>>>> > wrote:
>>>>>>> Author suggested to filter out forbidden attributes. And it is
>>>>>>> really needed, because strong_parameters will not raise exception on
>>>>>>> attempt to change forbidden attribute. Success message will be displayed to
>>>>>>> user, but attribute will stay unchanged. It is expected behaviour (
>>>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>>>> )
>>>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>>>> It's already too much I think. But it is only one attrbute. For five
>>>>>>> attributes it will be five permitted_params.topic_attributes.include?()
>>>>>>> It probably can be shortened, but still there is a need to specify
>>>>>>> some condition for each attribute to filter out forbidden ones.
>>>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>>>> strong_parameters permissions? Or there is another way to do it?
On Fri, Nov 9, 2012 at 2:38 AM, Denis Peplin <denis.pep...@gmail.com> wrote:
> Now in works. I changed code a little bit to actually display
> 'display_only' attributes, not filter it out, added comment to gist and
> updated display_filter_demo repository.
> Thanks!
> 2012/11/2 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>> On Fri, Nov 2, 2012 at 10:21 AM, Carlos Antonio da Silva <
>> carlosantoniodasi...@gmail.com> wrote:
>>> Yeah, it was something quick and dirty, totally untested :D. Will take a
>>> look at your app.
>>> On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>>>>> a StrongParametersFormBuilder example, that would extend SimpleForm
>>>>> functionality with your "display_only" option, allowing you to achieve
>>>>> exactly your example here.
>>>> Looks great, but can't get it working. options[:display_only] is seems
>>>> unavailable inside new form builder. I established new Rails application to
>>>> test this, please look:
>>>>> I don't think this is going to be part of SimpleForm any time soon, in
>>>>> my mind, if the developer doesn't need an attribute, he shouldn't call
>>>>> f.input with it. If he wants to generalize form at that point, to reuse the
>>>>> same form with different pages and different "parameters" configuration,
>>>>> then it's up to him to handle it with a builder extension like that, or
>>>>> ifs. In the majority of the use cases I've seen, it has been better to just
>>>>> split the form templates.
>>>> I have some filtering in my views too, but not a lot. I think, it will
>>>> take some time to gain experience with stuff like strong_parameters, and to
>>>> decide, is display_filter really needed or it will only complicate things.
>>>>> Thanks!
>>>>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>>> I also thought about some wrapper, but for me it is too complex
>>>>>> solution. simple_form is wrapper by itself, and it does not looks very
>>>>>> simple. I agree, that mixing strong_parameters functionality with
>>>>>> simple_form code is not perfect idea. But what about more general
>>>>>> functionality, maybe some filter, that can be used in different ways,
>>>>>> without mixing filtering logic into view code?
>>>>>> It turns out, that it is easier to implement that filter by monkey
>>>>>> patching simple_form's FormBuilder:
>>>>>> This gist can be released as gem, but only if there is no chances to
>>>>>> include filtering functionality into simple_form gem.
>>>>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>>> I personally don't think this is SimpleForm's responsibility. It's
>>>>>>> up to the developer to show the correct fields that are going to be
>>>>>>> submitted to a particular controller that handles params with
>>>>>>> strong_parameters.
>>>>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>>>>> behavior in a new form builder that handles that for you. I can think of
>>>>>>> something that receives the "permitted_params" in the form_for call, and
>>>>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>>>>> may be a bigger problem when you're talking about nested attributes and so
>>>>>>> on, but I think it's possible.
>>>>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <
>>>>>>> denis.pep...@gmail.com> wrote:
>>>>>>>> Author suggested to filter out forbidden attributes. And it is
>>>>>>>> really needed, because strong_parameters will not raise exception on
>>>>>>>> attempt to change forbidden attribute. Success message will be displayed to
>>>>>>>> user, but attribute will stay unchanged. It is expected behaviour (
>>>>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>>>>> )
>>>>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>>>>> It's already too much I think. But it is only one attrbute. For
>>>>>>>> five attributes it will be five permitted_params.topic_attributes.include?()
>>>>>>>> It probably can be shortened, but still there is a need to specify
>>>>>>>> some condition for each attribute to filter out forbidden ones.
>>>>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>>>>> strong_parameters permissions? Or there is another way to do it?
> Awesome.. Perhaps you'd like to add an entry to our wiki with the final
> working example, so that others could benefit? Thanks!
> On Fri, Nov 9, 2012 at 2:38 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>> Now in works. I changed code a little bit to actually display
>> 'display_only' attributes, not filter it out, added comment to gist and
>> updated display_filter_demo repository.
>> Thanks!
>> 2012/11/2 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>> On Fri, Nov 2, 2012 at 10:21 AM, Carlos Antonio da Silva <
>>> carlosantoniodasi...@gmail.com> wrote:
>>>> Yeah, it was something quick and dirty, totally untested :D. Will take
>>>> a look at your app.
>>>> On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>>>>>> a StrongParametersFormBuilder example, that would extend SimpleForm
>>>>>> functionality with your "display_only" option, allowing you to achieve
>>>>>> exactly your example here.
>>>>> Looks great, but can't get it working. options[:display_only] is seems
>>>>> unavailable inside new form builder. I established new Rails application to
>>>>> test this, please look:
>>>>>> I don't think this is going to be part of SimpleForm any time soon,
>>>>>> in my mind, if the developer doesn't need an attribute, he shouldn't call
>>>>>> f.input with it. If he wants to generalize form at that point, to reuse the
>>>>>> same form with different pages and different "parameters" configuration,
>>>>>> then it's up to him to handle it with a builder extension like that, or
>>>>>> ifs. In the majority of the use cases I've seen, it has been better to just
>>>>>> split the form templates.
>>>>> I have some filtering in my views too, but not a lot. I think, it will
>>>>> take some time to gain experience with stuff like strong_parameters, and to
>>>>> decide, is display_filter really needed or it will only complicate things.
>>>>>> Thanks!
>>>>>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>>>> I also thought about some wrapper, but for me it is too complex
>>>>>>> solution. simple_form is wrapper by itself, and it does not looks very
>>>>>>> simple. I agree, that mixing strong_parameters functionality with
>>>>>>> simple_form code is not perfect idea. But what about more general
>>>>>>> functionality, maybe some filter, that can be used in different ways,
>>>>>>> without mixing filtering logic into view code?
>>>>>>> It turns out, that it is easier to implement that filter by monkey
>>>>>>> patching simple_form's FormBuilder:
>>>>>>> This gist can be released as gem, but only if there is no chances to
>>>>>>> include filtering functionality into simple_form gem.
>>>>>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>>>> I personally don't think this is SimpleForm's responsibility. It's
>>>>>>>> up to the developer to show the correct fields that are going to be
>>>>>>>> submitted to a particular controller that handles params with
>>>>>>>> strong_parameters.
>>>>>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>>>>>> behavior in a new form builder that handles that for you. I can think of
>>>>>>>> something that receives the "permitted_params" in the form_for call, and
>>>>>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>>>>>> may be a bigger problem when you're talking about nested attributes and so
>>>>>>>> on, but I think it's possible.
>>>>>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <
>>>>>>>> denis.pep...@gmail.com> wrote:
>>>>>>>>> Author suggested to filter out forbidden attributes. And it is
>>>>>>>>> really needed, because strong_parameters will not raise exception on
>>>>>>>>> attempt to change forbidden attribute. Success message will be displayed to
>>>>>>>>> user, but attribute will stay unchanged. It is expected behaviour (
>>>>>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>>>>>> )
>>>>>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>>>>>> It's already too much I think. But it is only one attrbute. For
>>>>>>>>> five attributes it will be five permitted_params.topic_attributes.include?()
>>>>>>>>> It probably can be shortened, but still there is a need to specify
>>>>>>>>> some condition for each attribute to filter out forbidden ones.
>>>>>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>>>>>> strong_parameters permissions? Or there is another way to do it?
> 2012/11/9 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>> Awesome.. Perhaps you'd like to add an entry to our wiki with the final
>> working example, so that others could benefit? Thanks!
>> On Fri, Nov 9, 2012 at 2:38 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>> Now in works. I changed code a little bit to actually display
>>> 'display_only' attributes, not filter it out, added comment to gist and
>>> updated display_filter_demo repository.
>>> Thanks!
>>> 2012/11/2 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>> On Fri, Nov 2, 2012 at 10:21 AM, Carlos Antonio da Silva <
>>>> carlosantoniodasi...@gmail.com> wrote:
>>>>> Yeah, it was something quick and dirty, totally untested :D. Will take
>>>>> a look at your app.
>>>>> On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>>> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>>>>>>> a StrongParametersFormBuilder example, that would extend SimpleForm
>>>>>>> functionality with your "display_only" option, allowing you to achieve
>>>>>>> exactly your example here.
>>>>>> Looks great, but can't get it working. options[:display_only] is
>>>>>> seems unavailable inside new form builder. I established new Rails
>>>>>> application to test this, please look:
>>>>>>> I don't think this is going to be part of SimpleForm any time soon,
>>>>>>> in my mind, if the developer doesn't need an attribute, he shouldn't call
>>>>>>> f.input with it. If he wants to generalize form at that point, to reuse the
>>>>>>> same form with different pages and different "parameters" configuration,
>>>>>>> then it's up to him to handle it with a builder extension like that, or
>>>>>>> ifs. In the majority of the use cases I've seen, it has been better to just
>>>>>>> split the form templates.
>>>>>> I have some filtering in my views too, but not a lot. I think, it
>>>>>> will take some time to gain experience with stuff like strong_parameters,
>>>>>> and to decide, is display_filter really needed or it will only complicate
>>>>>> things.
>>>>>>> Thanks!
>>>>>>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <denis.pep...@gmail.com
>>>>>>> > wrote:
>>>>>>>> I also thought about some wrapper, but for me it is too complex
>>>>>>>> solution. simple_form is wrapper by itself, and it does not looks very
>>>>>>>> simple. I agree, that mixing strong_parameters functionality with
>>>>>>>> simple_form code is not perfect idea. But what about more general
>>>>>>>> functionality, maybe some filter, that can be used in different ways,
>>>>>>>> without mixing filtering logic into view code?
>>>>>>>> It turns out, that it is easier to implement that filter by monkey
>>>>>>>> patching simple_form's FormBuilder:
>>>>>>>> This gist can be released as gem, but only if there is no chances
>>>>>>>> to include filtering functionality into simple_form gem.
>>>>>>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>>>>> I personally don't think this is SimpleForm's responsibility. It's
>>>>>>>>> up to the developer to show the correct fields that are going to be
>>>>>>>>> submitted to a particular controller that handles params with
>>>>>>>>> strong_parameters.
>>>>>>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>>>>>>> behavior in a new form builder that handles that for you. I can think of
>>>>>>>>> something that receives the "permitted_params" in the form_for call, and
>>>>>>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>>>>>>> may be a bigger problem when you're talking about nested attributes and so
>>>>>>>>> on, but I think it's possible.
>>>>>>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <
>>>>>>>>> denis.pep...@gmail.com> wrote:
>>>>>>>>>> Author suggested to filter out forbidden attributes. And it is
>>>>>>>>>> really needed, because strong_parameters will not raise exception on
>>>>>>>>>> attempt to change forbidden attribute. Success message will be displayed to
>>>>>>>>>> user, but attribute will stay unchanged. It is expected behaviour (
>>>>>>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>>>>>>> )
>>>>>>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>>>>>>> It's already too much I think. But it is only one attrbute. For
>>>>>>>>>> five attributes it will be five permitted_params.topic_attributes.include?()
>>>>>>>>>> It probably can be shortened, but still there is a need to
>>>>>>>>>> specify some condition for each attribute to filter out forbidden ones.
>>>>>>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>>>>>>> strong_parameters permissions? Or there is another way to do it?
>>>>>>>>> --
>>>>>>>>> At.
>>>>>>>>> Carlos Antonio
>> 2012/11/9 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>> Awesome.. Perhaps you'd like to add an entry to our wiki with the final
>>> working example, so that others could benefit? Thanks!
>>> On Fri, Nov 9, 2012 at 2:38 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>> Now in works. I changed code a little bit to actually display
>>>> 'display_only' attributes, not filter it out, added comment to gist and
>>>> updated display_filter_demo repository.
>>>> Thanks!
>>>> 2012/11/2 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>> On Fri, Nov 2, 2012 at 10:21 AM, Carlos Antonio da Silva <
>>>>> carlosantoniodasi...@gmail.com> wrote:
>>>>>> Yeah, it was something quick and dirty, totally untested :D. Will
>>>>>> take a look at your app.
>>>>>> On Fri, Nov 2, 2012 at 3:40 AM, Denis Peplin <denis.pep...@gmail.com>wrote:
>>>>>>> 2012/11/1 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com>
>>>>>>>> I added a comment to your gist<https://gist.github.com/3992175#gistcomment-592000> with
>>>>>>>> a StrongParametersFormBuilder example, that would extend SimpleForm
>>>>>>>> functionality with your "display_only" option, allowing you to achieve
>>>>>>>> exactly your example here.
>>>>>>> Looks great, but can't get it working. options[:display_only] is
>>>>>>> seems unavailable inside new form builder. I established new Rails
>>>>>>> application to test this, please look:
>>>>>>>> I don't think this is going to be part of SimpleForm any time soon,
>>>>>>>> in my mind, if the developer doesn't need an attribute, he shouldn't call
>>>>>>>> f.input with it. If he wants to generalize form at that point, to reuse the
>>>>>>>> same form with different pages and different "parameters" configuration,
>>>>>>>> then it's up to him to handle it with a builder extension like that, or
>>>>>>>> ifs. In the majority of the use cases I've seen, it has been better to just
>>>>>>>> split the form templates.
>>>>>>> I have some filtering in my views too, but not a lot. I think, it
>>>>>>> will take some time to gain experience with stuff like strong_parameters,
>>>>>>> and to decide, is display_filter really needed or it will only complicate
>>>>>>> things.
>>>>>>>> Thanks!
>>>>>>>> On Thu, Nov 1, 2012 at 4:45 AM, Denis Peplin <
>>>>>>>> denis.pep...@gmail.com> wrote:
>>>>>>>>> I also thought about some wrapper, but for me it is too complex
>>>>>>>>> solution. simple_form is wrapper by itself, and it does not looks very
>>>>>>>>> simple. I agree, that mixing strong_parameters functionality with
>>>>>>>>> simple_form code is not perfect idea. But what about more general
>>>>>>>>> functionality, maybe some filter, that can be used in different ways,
>>>>>>>>> without mixing filtering logic into view code?
>>>>>>>>> It turns out, that it is easier to implement that filter by monkey
>>>>>>>>> patching simple_form's FormBuilder:
>>>>>>>>> This gist can be released as gem, but only if there is no chances
>>>>>>>>> to include filtering functionality into simple_form gem.
>>>>>>>>> 2012/10/28 Carlos Antonio da Silva <carlosantoniodasi...@gmail.com
>>>>>>>>>> I personally don't think this is SimpleForm's responsibility.
>>>>>>>>>> It's up to the developer to show the correct fields that are going to be
>>>>>>>>>> submitted to a particular controller that handles params with
>>>>>>>>>> strong_parameters.
>>>>>>>>>> In any case, I'm pretty sure it's possible to wrap SimpleForm's
>>>>>>>>>> behavior in a new form builder that handles that for you. I can think of
>>>>>>>>>> something that receives the "permitted_params" in the form_for call, and
>>>>>>>>>> automatically skip attributes that are inside there. Keep in mind that it
>>>>>>>>>> may be a bigger problem when you're talking about nested attributes and so
>>>>>>>>>> on, but I think it's possible.
>>>>>>>>>> On Thu, Oct 25, 2012 at 9:09 AM, Denis Peplin <
>>>>>>>>>> denis.pep...@gmail.com> wrote:
>>>>>>>>>>> Author suggested to filter out forbidden attributes. And it is
>>>>>>>>>>> really needed, because strong_parameters will not raise exception on
>>>>>>>>>>> attempt to change forbidden attribute. Success message will be displayed to
>>>>>>>>>>> user, but attribute will stay unchanged. It is expected behaviour (
>>>>>>>>>>> https://github.com/rails/strong_parameters/issues/54#issuecomment-977... >>>>>>>>>>> )
>>>>>>>>>>> So, that Railscast's code to filter out forbidden attribute is:
>>>>>>>>>>> It's already too much I think. But it is only one attrbute. For
>>>>>>>>>>> five attributes it will be five permitted_params.topic_attributes.include?()
>>>>>>>>>>> It probably can be shortened, but still there is a need to
>>>>>>>>>>> specify some condition for each attribute to filter out forbidden ones.
>>>>>>>>>>> So maybe simple_form gem is the right place to auto-apply
>>>>>>>>>>> strong_parameters permissions? Or there is another way to do it?
>>>>>>>>>> --
>>>>>>>>>> At.
>>>>>>>>>> Carlos Antonio
