Refactored ActionController::Verification and improved docs (closes #10681) [jamesh]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2022-11-09 12:12:34 -05:00 · 2008-01-03 15:49:59 +00:00 · 2008-01-03 15:49:59 +00:00 · 32876476a7
commit 32876476a7
parent e2e98ef0b8
1 changed files with 74 additions and 58 deletions
--- a/actionpack/lib/action_controller/verification.rb
+++ b/actionpack/lib/action_controller/verification.rb
@ -43,72 +43,88 @@ module ActionController #:nodoc:
      # the user is redirected to a different action. The +options+ parameter
      # is a hash consisting of the following key/value pairs:
      #
-      # * <tt>:params</tt> - a single key or an array of keys that must
-      #   be in the <tt>params</tt> hash in order for the action(s) to be safely
-      #   called.
-      # * <tt>:session</tt> - a single key or an array of keys that must
-      #   be in the <tt>session</tt> in order for the action(s) to be safely called.
-      # * <tt>:flash</tt> - a single key or an array of keys that must
-      #   be in the flash in order for the action(s) to be safely called.
-      # * <tt>:method</tt> - a single key or an array of keys--any one of which
-      #   must match the current request method in order for the action(s) to
-      #   be safely called. (The key should be a symbol: <tt>:get</tt> or
-      #   <tt>:post</tt>, for example.)
-      # * <tt>:xhr</tt> - true/false option to ensure that the request is coming
-      #   from an Ajax call or not. 
-      # * <tt>:add_flash</tt> - a hash of name/value pairs that should be merged
-      #   into the session's flash if the prerequisites cannot be satisfied.
-      # * <tt>:add_headers</tt> - a hash of name/value pairs that should be
-      #   merged into the response's headers hash if the prerequisites cannot
-      #   be satisfied.
-      # * <tt>:redirect_to</tt> - the redirection parameters to be used when
-      #   redirecting if the prerequisites cannot be satisfied. You can 
-      #   redirect either to named route or to the action in some controller.
-      # * <tt>:render</tt> - the render parameters to be used when
-      #   the prerequisites cannot be satisfied.
-      # * <tt>:only</tt> - only apply this verification to the actions specified
-      #   in the associated array (may also be a single value).
-      # * <tt>:except</tt> - do not apply this verification to the actions
-      #   specified in the associated array (may also be a single value).
+      # <tt>:params</tt>:: 
+      #   a single key or an array of keys that must be in the <tt>params</tt> 
+      #   hash in order for the action(s) to be safely called.
+      # <tt>:session</tt>:: 
+      #   a single key or an array of keys that must be in the <tt>session</tt> 
+      #   in order for the action(s) to be safely called.
+      # <tt>:flash</tt>:: 
+      #   a single key or an array of keys that must be in the flash in order 
+      #   for the action(s) to be safely called.
+      # <tt>:method</tt>:: 
+      #   a single key or an array of keys--any one of which must match the 
+      #   current request method in order for the action(s) to be safely called. 
+      #   (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for 
+      #   example.)
+      # <tt>:xhr</tt>:: 
+      #   true/false option to ensure that the request is coming from an Ajax 
+      #   call or not. 
+      # <tt>:add_flash</tt>:: 
+      #   a hash of name/value pairs that should be merged into the session's 
+      #   flash if the prerequisites cannot be satisfied.
+      # <tt>:add_headers</tt>:: 
+      #   a hash of name/value pairs that should be merged into the response's 
+      #   headers hash if the prerequisites cannot be satisfied.
+      # <tt>:redirect_to</tt>:: 
+      #   the redirection parameters to be used when redirecting if the 
+      #   prerequisites cannot be satisfied. You can redirect either to named 
+      #   route or to the action in some controller.
+      # <tt>:render</tt>:: 
+      #   the render parameters to be used when the prerequisites cannot be satisfied.
+      # <tt>:only</tt>:: 
+      #   only apply this verification to the actions specified in the associated 
+      #   array (may also be a single value).
+      # <tt>:except</tt>:: 
+      #   do not apply this verification to the actions specified in the associated 
+      #   array (may also be a single value).
      def verify(options={})
-        filter_opts = { :only => options[:only], :except => options[:except] }
-        before_filter(filter_opts) do |c|
+        before_filter :only => options[:only], :except => options[:except] do |c|
          c.send! :verify_action, options
        end
      end
    end

-    def verify_action(options) #:nodoc:
-      prereqs_invalid =
-        [*options[:params] ].find { |v| params[v].nil?  } ||
-        [*options[:session]].find { |v| session[v].nil? } ||
-        [*options[:flash]  ].find { |v| flash[v].nil?   }
-      
-      if !prereqs_invalid && options[:method]
-        prereqs_invalid ||= 
-          [*options[:method]].all? { |v| request.method != v.to_sym }
-      end
-      
-      prereqs_invalid ||= (request.xhr? != options[:xhr]) unless options[:xhr].nil?
-      
-      if prereqs_invalid
-        flash.update(options[:add_flash]) if options[:add_flash]
-        response.headers.update(options[:add_headers]) if options[:add_headers]
+  private

-        unless performed?
-          case
-          when options[:render]
-            render(options[:render])
-          when options[:redirect_to]
-            options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
-            redirect_to(options[:redirect_to])
-          else
-            head(:bad_request)
-          end
-        end
+    def verify_action(options) #:nodoc:
+      if prereqs_invalid?(options)
+        flash.update(options[:add_flash])              if options[:add_flash]
+        response.headers.update(options[:add_headers]) if options[:add_headers]
+        apply_remaining_actions(options)               unless performed?
+      end
+    end
+    
+    def prereqs_invalid?(options) # :nodoc:
+      verify_presence_of_keys_in_hash_flash_or_params(options) || 
+      verify_method(options) || 
+      verify_request_xhr_status(options)
+    end
+ 
+    def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
+      [*options[:params] ].find { |v| params[v].nil?  } ||
+      [*options[:session]].find { |v| session[v].nil? } ||
+      [*options[:flash]  ].find { |v| flash[v].nil?   }
+    end
+    
+    def verify_method(options) # :nodoc:
+      [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method]
+    end
+    
+    def verify_request_xhr_status(options) # :nodoc:
+      request.xhr? != options[:xhr] unless options[:xhr].nil?
+    end
+    
+    def apply_redirect_to(redirect_to_option) # :nodoc:
+      redirect_to_option.is_a?(Symbol) ? self.send!(redirect_to_option) : redirect_to_option
+    end
+    
+    def apply_remaining_actions(options) # :nodoc:
+      case
+        when options[:render]      ; render(options[:render])
+        when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to]))
+        else head(:bad_request)
      end
    end
-
-    private :verify_action
  end
 end