So I've got a simple link dropdown on each of my group-event pages, like so:
<https://lh5.googleusercontent.com/-dgm_TWTUcOw/UBPs4ll7nKI/AAAAAAAAAB0/t8wlgPYE5qY/s1600/attend.PNG> I have a table called `rsvp_list` with reference fields: `event_id` and `user_id`, and an `rsvp` field requiring `IS_IN_SET(["Yes", "Maybe", "No"])`. One way I can make the above work is by appending the value for `event_id`, `user_id` and `rsvp` automatically, through global function calls or a specialised controller utilising `request.args`. Unfortunately this means that anyone who has figure out my URL schema can simply enter the ID of someone else into the URL, forging an RSVP. What's a better way of doing this? Thanks for all suggestions, Alec Taylor --
