I've got a form with some check_box_tags. Some of these checkboxes do not belong to the model and need to be removed from the params hash. I know i can use the exclude method, but the problem is that these fields have dynamic ids that I can't know in advance.
My question is:
Is there a way of excluding a form field so it doesn't enter the params hash in the first place?
Many thanks!
Uri
Anytime you submit a form to a controller and the input fields have a name, those K:V pairs will be added to the params request assuming they are white listed by your strong parameters (rails4 only). Your best option would be to use JavaScript. Something like this would filter those fields based on class, data attr, or any other parameter you would like to filter by:
$('.new_resource_form').onSubmit(function(e) {
e.preventDefault();
$('.fields_for_removal').remove();
$(this).submit();
});
Related
My model does not really represent what my form is posting. Example my Orgs Model which holds orgs helps me generate a treeview the users selects several nodes of the orgs tree and submits a form. The form posts an array[] or org ids.
(maybe i'm doing this all wrong, please let me know tried binding to models and that was confusing when dealing with trees grids etc and using partial views and ajax returning partial views and editorfor's etc.. the default model binding was useless)
anyways back to my point, since I want to validate if any orgs get selected:
if (SelectedOrgs == null) //array[]
{
ModelState.AddModelError("OrgsNotSelected",IValidationErrors.OrgsNotSelected);
}
my question is how do i retrieve this random key that i just made up from my view? my model and even my viewmodel do not have an array for the selection this is just the result of the post.
I'm not sure what to do in the view to get the value for "OrgsNotSelected".
Thank you!
Bilal
If you were doing normal submit actions to your controller, you would need to use the ValidationSummary to display errors that are not attached to a specific property.
As you are using Ajax, you would be better off returning a json result from your controller and you can define this so that it includes your errors in a format you can use in the success function to display your messages.
I am wondering how can i create a field not associated to the models, the only reason i need the field is to determine which actions to do on it.
Lets say i have a model article, and when creating a new article, i would like a hidden field that would have 0,1,2 and in the controller new, i would see if the params is equal to 0, then do this set of logic or 1 then this set of logic.
Thank you, I also know that defining a set of action for each action won't work.
In a form you can declare both hidden and visible fields that are not directly associated with your models. When you submit the form, in the form's action you can manipulate the attributes in the params that are not related to the model.
When you declare form fields you can use those that end with _tag like email_field_tag, radio_button_tag, and regarding your question, hidden_field_tag. Example:
<% hidden_field_tag 'this_is_hidden' %>
Try it out and inspect what comes into the action: raise params.inspect. In doing so you'll notice the params now includes keys for the attributes you declared that are not related to your model (like the attribute :this_is_hidden)
Try doing it with a hidden_field_tag. (recommendation: put it just before the submit button inside the form tag.)
http://api.rubyonrails.org/classes/ActionView/Helpers/FormTagHelper.html#method-i-hidden_field_tag
hidden_field_tag 'decide', '0'
Then in the new action of the controller you can catch it inside the params hash, and compare it with params[:decide].to_i
most easiest way is to have a hidden field as #Zippie, mentioned. However it has some risks as end user could modify the value in the hidden field and your program could behave differently.
What i personally believe is to have a some kind of a methodology to identify from the passing parameters
Ex: if it is a new object then it should go to method A etc...
By that way end use will not have a chance to modify the workflow.
I need to send parameters with values in a BeginForm html.
Example:
# using (Html.BeginForm ("Create", "IncomeDeclaration", new {declarationAmount = document.getElementById ("element"). value}))
This value I can not get from the Model, as it is not found in the model.
I've tried several ways and nothing worked. If you could change the content of a ViewBag that'd be great.
I appreciate your support.
You can't mix and match Javascript (document.getElementById ("element")) with the C# form declaration. If you want a value submitted with the form, you should add a relevant form element inside the form declaration. If you don't want a regular form element (eg. a textbox), you can use a "hidden" input field. If you want, you can dynamically populate the hidden field using javascript.
In mvc, when submitted to a controller, how can I verify that a user hasn't maliciously changed readonly hidden form fields?
When displaying the form fields render a hidden field that contains a hash for the displayed values.
When receiving the post request hash the received data again and compare this hash to the value of the hidden field.
Two options I can think of:
Encrypt the fields when displaying them, then decrypt server side and use the value
Don't store sensitive information in hidden fields and instead store them in the session (recommended)
I am using javascript to append user selections to a list. When user is done , which is the best way to go:
1: create index for the list and submit as model in a form to the controller?
2: create hidden element and use javascript to append values and submit as actionlink? (not sure how to tell actionlink the value here)
3: wrap form block around the hidden element only and submit string as model?
other?
I think the easiest way is to put some form of your list to the hidden field (type=hidden) and it will be automatically submitted with form and accessible on server under the name you gave it. So main reasoning here is the way you going to process these data on the server side.
First of all, Scott Hanselman has a good post about model binding to arrays, collections, etc.
In my opinion you shouldn't use second way because this will be a vulnerability ( description of CSRF).
In order to use collections binding you'll need to wrap a form around a list and submit it (note, this form will submit only selected values in this list but you may select them all before submit) or to create a map of values and submit it via javascript (for jQuery - $.post(url, data, callback)) or to add all pairs of name&value to some hidden element of a form and submit it.