I’m trying to create a select box that chooses from a list of options
determined by class hierarchy. To be specific, I have a Field model
that has been subclassed into several types of Fields. The user chooses
a type of field from the drop-down, and that class is used to generate
the Field back in the controller. I have two questions related to this.
-
In attempting to populate the select box, I created a helper
function that searches the ObjectSpace for children of the Field class.
Unfortunately, within the view in question, only objects named within
the view are added to the scope by Rails, so when I call the helper
function, it only finds said fields. I have worked around this problem
by simply naming every member of the hierarchy in the view, but for this
to work, I have to stick the entire list in every view that uses this
drop-down, and if I ever add to the hierarchy, each instance of that
list will have to be modified manually. I would like a better solution. -
To actually generate the new field, I am calling something that
looks like newfield = eval(params[:fieldtype] + “.create(” +
“:first_attrib =>,” + “second_attrib” + etc. + “)”. Eval is a rather
scary function to be using, here, since it is probably fairly easy to
generate a POST with some sort of injected code that the eval would
execute. I could create helper functions to sanitize the parameters,
but it seems like this would come up often enough that Rails should
already have a solution, a solution that I am not experienced enough to
locate. Does such a thing exist?
Thanks in advance for your time.
-A. Wilson