Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1060 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

actionpack/CHANGELOG

@@ -1,5 +1,7 @@
 *SVN*
 
+* Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck]
+
 * Added options to set cc, bcc, subject, and body for UrlHelper#mail_to #966 [DeLynn]
 
 * Fixed include_blank for select_hour/minute/second #527 [edward@debian.org]

actionpack/lib/action_controller/verification.rb

@@ -44,14 +44,18 @@ module ActionController #:nodoc:
       #   be in the @session in order for the action(s) to be safely called.
       # * <tt>:flash</tt>: a single key or an array of keys that must
       #   be in the flash in order for the action(s) to be safely called.
+      # * <tt>:method</tt>: a single key or an array of keys--any one of which
+      #   must match the current request method in order for the action(s) to
+      #   be safely called. (The key should be a symbol: <tt>:get</tt> or
+      #   <tt>:post</tt>, for example.)
       # * <tt>:add_flash</tt>: a hash of name/value pairs that should be merged
       #   into the session's flash if the prerequisites cannot be satisfied.
       # * <tt>:redirect_to</tt>: the redirection parameters to be used when
       #   redirecting if the prerequisites cannot be satisfied.
-      # * <tt>:only</tt>: only apply this verification to the actions specified in
-      #   the associated array (may also be a single value).
-      # * <tt>:except</tt>: do not apply this verification to the actions specified in
-      #   the associated array (may also be a single value).
+      # * <tt>:only</tt>: only apply this verification to the actions specified
+      #   in the associated array (may also be a single value).
+      # * <tt>:except</tt>: do not apply this verification to the actions
+      #   specified in the associated array (may also be a single value).
       def verify(options={})
         filter_opts = { :only => options[:only], :except => options[:except] }
         before_filter(filter_opts) do |c|
@@ -65,6 +69,11 @@ module ActionController #:nodoc:
         [*options[:params] ].find { |v| @params[v].nil?  } ||
         [*options[:session]].find { |v| @session[v].nil? } ||
         [*options[:flash]  ].find { |v| flash[v].nil?    }
+      
+      if !prereqs_invalid && options[:method]
+        prereqs_invalid ||= 
+          [*options[:method]].all? { |v| @request.method != v.to_sym }
+      end
 
       if prereqs_invalid
         flash.update(options[:add_flash]) if options[:add_flash]

actionpack/test/controller/verification_test.rb

@@ -18,6 +18,9 @@ class VerificationTest < Test::Unit::TestCase
     verify :only => [:multi_one, :multi_two], :session => %w( one two ),
            :redirect_to => { :action => "unguarded" }
 
+    verify :only => :guarded_by_method, :method => :post,
+           :redirect_to => { :action => "unguarded" }
+
     def guarded_one
       render_text "#{@params["one"]}"
     end
@@ -42,9 +45,15 @@ class VerificationTest < Test::Unit::TestCase
       render_text "#{@session["two"]}:#{@session["one"]}"
     end
 
+    def guarded_by_method
+      render_text "#{@request.method}"
+    end
+
     def unguarded
       render_text "#{@params["one"]}"
     end
+
+    def rescue_action(e) raise end
   end
 
   def setup
@@ -134,4 +143,16 @@ class VerificationTest < Test::Unit::TestCase
     process "multi_two"
     assert_redirected_to :action => "unguarded"
   end
+
+  def test_guarded_by_method_with_prereqs
+    @request.env["REQUEST_METHOD"] = "POST"
+    process "guarded_by_method"
+    assert_equal "post", @response.body
+  end
+
+  def test_guarded_by_method_without_prereqs
+    @request.env["REQUEST_METHOD"] = "GET"
+    process "guarded_by_method"
+    assert_redirected_to :action => "unguarded"
+  end
 end