Edit: The Endless Mirror 2
How this page is built
the gem renders it — this is all you write
The form is fully derived through simple_form. slug is read-only (editable: false); active is an input only for managers (editable: :manage — toggle admin); purchase_price is hidden from non-managers entirely (if: :manage). One permit list drives both the form and strong-params, so they can't drift.
app/models/book.rb
crud_structure do
  attribute :slug, editable: false        # read-only in the form
  attribute :active, editable: :manage    # an input only for managers
  attribute :purchase_price, if: :manage  # hidden from non-managers everywhere
  fieldset :form, %i[title subtitle slug blurb price purchase_price pages
                     published_on genre active publisher authors cover]
end
app/controllers/books_controller.rb
def update
  @book.update(book_params) ? redirect_to(@book) : render(:edit, status: :unprocessable_entity)
end

def book_params
  params.require(:book).permit(*CrudComponents.permitted_attributes(Book, action: :update, ability: current_ability))
end
app/views/books/edit.html.erb
<%= crud_form @book %>
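The "one permit list" idea as an added example: a simplified stand-alone Ruby model, not CrudComponents code and not part of the original page. It runs a tampered submission through the same list the form would be built from. RULES, FORM_FIELDS, TAMPERED, allowed?, permitted_fields, filter_params and demo are hypothetical names, and treating unlisted options as "visible and editable for everyone" is an assumption.

```ruby
# Simplified stand-alone model of the rules in book.rb (not the gem's code).
# Assumption: an attribute with no options is visible and editable for everyone.
RULES = {
  slug:           { editable: false },   # never an input
  active:         { editable: :manage }, # input only with :manage
  purchase_price: { if: :manage }        # absent entirely without :manage
}.freeze

# Scalar subset of the page's fieldset, kept small for the demonstration.
FORM_FIELDS = %i[title subtitle slug blurb price purchase_price pages
                 published_on genre active].freeze

# A rule is true/false or the name of an ability the user must hold.
def allowed?(rule, abilities)
  rule == true || (rule.is_a?(Symbol) && abilities.include?(rule))
end

# The single list: derived once from the declarations and the user's abilities.
def permitted_fields(abilities)
  FORM_FIELDS.select do |name|
    opts = RULES.fetch(name, {})
    allowed?(opts.fetch(:if, true), abilities) &&
      allowed?(opts.fetch(:editable, true), abilities)
  end
end

# Form inputs and accepted parameters both come from permitted_fields,
# so a field the form never offered is dropped on submit.
def filter_params(submitted, abilities)
  submitted.slice(*permitted_fields(abilities))
end

# Constructed request body: extra keys added by hand to the submitted form.
TAMPERED = {
  title: "The Endless Mirror 2", slug: "free-book",
  active: true, purchase_price: 0, role: "admin"
}.freeze

def demo
  { member:  filter_params(TAMPERED, []),
    manager: filter_params(TAMPERED, [:manage]) }
end

p demo
```

Even for a manager, slug and the undeclared role key are discarded, because neither is ever on the derived list.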