lib/mack/view_helpers/form_helpers.rb in mack-0.7.0.1 vs lib/mack/view_helpers/form_helpers.rb in mack-0.7.1

@@ -1,10 +1,23 @@
 module Mack
   module ViewHelpers # :nodoc:
     # A useful collection of helpers for forms.
     module FormHelpers
       
+      #
+      # Get the secret token to be added in an HTML form.
+      # This is to ensure that your form is valid.
+      # 
+      # Only call this method if you generate the form manually.
+      # If you use the form() method to generate your form, then
+      # the authenticity token is already included in your form.
+      #
+      def form_authenticity_field
+        str = %{<input type="hidden" name="__authenticity_token" value="#{Mack::Utils::AuthenticityTokenDispenser.instance.dispense_token(request.session.id)}" />}
+      end
+        
+      
       # Examples:
       #   <% form(users_create_url) do -%>
       #     # form stuff here...
       #   <% end -%>
       # 
@@ -29,32 +42,65 @@
           meth = "<input name=\"_method\" type=\"hidden\" value=\"#{options[:method]}\" />\n"
           options[:method] = :post
         end
         concat("<form#{build_options(options)}>\n", block.binding)
         concat(meth, block.binding) unless meth.blank?
+        concat(form_authenticity_field, block.binding) if !app_config.mack.disable_forgery_detector
         yield
         concat("\n</form>", block.binding)
         # content_tag(:form, options, &block)
       end
       
       # Generates a button with a form around it and will set the request method to delete.
       def delete_button(url, value = "Delete", form_options = {}, button_options = {})
-        if button_options[:confirm]
-          button_options[:onclick] = "if (confirm('#{button_options[:confirm]}')) {submit();}; return false;"
-          button_options.delete(:confirm)
-        end
         t = "\n" << hidden_field(:_method, :value => :delete)
         t << "\n" << submit_button(value, button_options)
         t << "\n"
         content_tag(:form, {:action => url, :method => :post}.merge(form_options), t)
       end
       
-      alias_deprecated_method :submit_tag, :submit_button, '0.7.0'
-      
       # Examples:
       #   <%= submit_button %> # => <input type="submit" value="Submit" />
       #   <%= submit_button "Login" %> # => <input type="submit" value="Login" />
+      #   You can disable the button after clicking it. In essence, this will work as follows:
+      #   <%= submit_button "Login", :disable_with => "Please wait..." %> 
+      #    # => <input type="submit" value="Login" onclick="this.disabled=true;this.value='Please wait...';this.form.submit();" />
+      #  Even though :disable_with will work on the onclick parameter, you can add your own onclick behaviour to the mix, as follows:
+      #  <%= submit_button "Login", :disable_with => "Please wait...", :onclick => "alert('test')" %> 
+      #    # => <input type="submit" value="Login" onclick="this.disabled=true;this.value='Please wait...';alert('test');this.form.submit();" />
+      #
+      # Please note that if the form.submit() returns false the button's value will be restored to 
+      # its initial value. This behaviour is acheived through the injection of a couple bits of JS 
+      # into the onlick existing parameter. These bits are injected after the disabled value, and 
+      # all existing onclick behaviour that you define in the :onlick option. The included JS bits 
+      # are as follows:
+      #   "result = (this.form.onsubmit ? (this.form.onsubmit() ? this.form.submit() : false) : this.form.submit())",
+      #   "if (result == false) { this.value = this.getAttribute('originalValue'); this.disabled = false }",
+      #   "return result;"
       def submit_button(value = "Submit", options = {}, *original_args)
+        if options[:confirm]
+          onclick = "if (confirm('#{options.delete(:confirm)}')) {submit();}; return false;"
+          onclick << ";#{options.delete(:onclick)}" if options.has_key?(:onclick)
+          options[:onclick] = onclick
+        end
+        # processing the disable with option, which will be embebed in the onclick parameter.
+        if disable_with = options.delete(:disable_with)
+          disable_with = "this.innerHTML='#{disable_with}'"
+          
+          # Making sure that we keep the content of the onclick option, should it exist.
+          disable_with << ";#{options.delete(:onclick)}" if options.has_key?(:onclick)
+          
+          # Setting the onlick option.
+          options[:onclick] = [
+            "this.setAttribute('originalValue', this.innerHTML)",
+            "this.disabled=true",
+            disable_with,
+            "result = (this.form.onsubmit ? (this.form.onsubmit() ? this.form.submit() : false) : this.form.submit())",
+            "if (result == false) { this.innerHTML = this.getAttribute('originalValue'); this.disabled = false }",
+            "return result;",
+          ].join(";")
+        end
+        
         # non_content_tag(:input, {:type => :submit, :value => value}.merge(options))
         content_tag(:button, {:type => :submit}.merge(options), value)
       end
       
       # Examples:
\ No newline at end of file