by gingerlime 4857 days ago
Having transitioned from Django to Rails nearly a year ago, this post reminded me of Django forms[1]. When I used Django, I didn't think much about them, but moving to Rails, I felt something was missing. Why do validations live only/primarily on the model? Doesn't it make more sense to do validation higher up the chain to filter mistakes and potentially harmful input?

Also a good point about the `attr_accessible` concept. It always felt like a bit of a crippled way to perform authorization. That said, I'm not sure this comment is completely valid:

> attr_accessible suffers from context blindness: you’re frequently going to have an end user UI and an admin UI. You want admins to have access to more fields.

Whilst it's not the most elegant, you can (and should) define `attr_accessible :x, :y, :z, :as => :admin`

but you have to remember to use something like `MyObj.create({x: 'a', z: 'b'}, :as => :admin)`

[1] https://docs.djangoproject.com/en/1.5/topics/forms/

1 comments

You're right about the attr_accessible statement not being entirely accurate. Rails 3 does indeed have the concept of contexts. And, we're still on Rails 2.3 :). It also seems like Rails 4 will be going the Strong Attribute route.
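
The role-scoped whitelist discussed in the thread above, modelled in plain Ruby as an added example (not code from either commenter and not Rails itself). `RoleWhitelist` and `Account` are hypothetical stand-ins that mimic the `attr_accessible ... :as =>` syntax quoted above; recording rejected keys and treating an unknown role as an empty whitelist are assumptions of this model.

```ruby
# Simplified stand-in for role-scoped mass-assignment whitelisting.
# RoleWhitelist and Account are hypothetical names, not Rails classes.
module RoleWhitelist
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # attr_accessible :x, :y, :as => :admin   (role defaults to :default)
    def attr_accessible(*names)
      opts = names.last.is_a?(Hash) ? names.pop : {}
      role = opts.fetch(:as, :default)
      whitelists[role] |= names.map(&:to_s)
    end

    def whitelists
      @whitelists ||= Hash.new { |h, k| h[k] = [] } # unknown role => empty list
    end

    def create(attrs, opts = {})
      new.tap { |obj| obj.assign_attributes(attrs, opts) }
    end
  end

  attr_reader :rejected

  # Copies only keys whitelisted for the role; the rest are recorded, not assigned.
  def assign_attributes(attrs, opts = {})
    allowed = self.class.whitelists[opts.fetch(:as, :default)]
    @rejected = []
    attrs.each do |key, value|
      if allowed.include?(key.to_s)
        instance_variable_set("@#{key}", value)
      else
        @rejected << key.to_s
      end
    end
  end
end

class Account
  include RoleWhitelist
  attr_reader :name, :email, :is_admin
  attr_accessible :name, :email
  attr_accessible :name, :email, :is_admin, :as => :admin
end

params = { name: 'a', email: 'a@example.test', is_admin: true } # constructed input
user_side  = Account.create(params)                 # caller did not pass :as
admin_side = Account.create(params, :as => :admin)  # role chosen by the caller
```

The whitelist is only as good as the call site: the role is chosen by whoever calls `create`, so a review of this pattern has to check every caller, not just the model.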