I have a model called Product and it has the following columns:
create_table :products do |t|
  t.decimal :price
  t.string :name
  t.integer :offline_store_id
  t.integer :online_store_id
  t.date :product_date
end
Now I made two different forms for the associations you see there:
# using find_or_create_by
webstore = online_store_id
store = offline_store_id
<%= form_for @product do |f| %>
  <%= f.text_field :price %>
  <%= f.text_field :name %>
  <%= f.date_select :product_date %>
  <%= f.text_field :webstore %>
<% end %>
The other form is the same; it just switches :webstore with :store instead. The reason for this is to make one form for online products and the other one for offline. My concern is whether the field can still be filled in even if it's not available on either form. A Product isn’t supposed to belong to an online and offline store at the same time.
Is this an OK thing to do? Is the field really gone or can a hacker still fill it out even if I don’t have the field available?
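
On the question above, a field left out of the rendered form can still arrive in the request, so the decision has to be made on the server. The following is an added example, not code from the thread or from Rails: a plain-Ruby stand-in for the per-form allowlisting that Rails strong parameters (`permit`) perform, plus the "one store kind only" rule from the question. `PERMITTED`, `filter_product_params`, `store_errors`, `demo` and the sample request are hypothetical names and constructed data, and the example uses the column names rather than the `:webstore`/`:store` form fields.

```ruby
# Added example: plain Ruby stand-in for the server-side checks; not Rails code.
# Per-form allowlists: each form may set only its own store column.
PERMITTED = {
  online:  %w[price name product_date online_store_id],
  offline: %w[price name product_date offline_store_id]
}.freeze

# Keep only allowlisted keys, the way strong parameters' permit would.
# Returns [accepted, rejected_keys] so dropped keys can be logged.
def filter_product_params(form, submitted)
  allowed  = PERMITTED.fetch(form)
  accepted = submitted.select { |key, _| allowed.include?(key.to_s) }
  rejected = submitted.keys.map(&:to_s) - allowed
  [accepted.transform_keys(&:to_s), rejected]
end

# Model-level rule from the question: a product belongs to an online store
# or an offline store, never both and never neither.
def store_errors(attrs)
  online  = attrs["online_store_id"].to_s.strip
  offline = attrs["offline_store_id"].to_s.strip
  if !online.empty? && !offline.empty?
    return ["product cannot belong to both an online and an offline store"]
  end
  return ["product must belong to a store"] if online.empty? && offline.empty?
  []
end

# Constructed request body: the online form was rendered, but the submitted
# data also carries an offline_store_id key that the form never contained.
SAMPLE_POST = {
  "price" => "9.99", "name" => "Lamp", "product_date" => "2014-01-01",
  "online_store_id" => "3", "offline_store_id" => "7"
}.freeze

def demo
  accepted, rejected = filter_product_params(:online, SAMPLE_POST)
  { accepted: accepted, rejected: rejected,
    errors_unfiltered: store_errors(SAMPLE_POST), # what the model rule catches
    errors_filtered: store_errors(accepted) }     # after the allowlist
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The allowlist drops the unexpected key before assignment, and the model rule still rejects the record if both columns are ever set by some other code path.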
How you model your domain and UI is a separate concern from issues relating to hacking/security. It’s completely fine having more than one form per model if that’s what is required. Your security issues should be addressed separately from your domain model.
I would recommend having a look at how you’ve modelled Products. Your product should only know about its attributes and that it belongs to a store(s). Let the Store class contain its offline/online status.
Also I think you’re doing too much on this form (it looks like you are creating stores on your product form). I would recommend having separate forms for store/product management and making the store field on product form a select list.
Migration
Model
Having the same form but with this element: