1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Refactored ActionController::Verification and improved docs (closes #10681) [jamesh]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
David Heinemeier Hansson 2008-01-03 15:49:59 +00:00
parent e2e98ef0b8
commit 32876476a7

View file

@ -43,72 +43,88 @@ module ActionController #:nodoc:
# the user is redirected to a different action. The +options+ parameter
# is a hash consisting of the following key/value pairs:
#
# * <tt>:params</tt> - a single key or an array of keys that must
# be in the <tt>params</tt> hash in order for the action(s) to be safely
# called.
# * <tt>:session</tt> - a single key or an array of keys that must
# be in the <tt>session</tt> in order for the action(s) to be safely called.
# * <tt>:flash</tt> - a single key or an array of keys that must
# be in the flash in order for the action(s) to be safely called.
# * <tt>:method</tt> - a single key or an array of keys--any one of which
# must match the current request method in order for the action(s) to
# be safely called. (The key should be a symbol: <tt>:get</tt> or
# <tt>:post</tt>, for example.)
# * <tt>:xhr</tt> - true/false option to ensure that the request is coming
# from an Ajax call or not.
# * <tt>:add_flash</tt> - a hash of name/value pairs that should be merged
# into the session's flash if the prerequisites cannot be satisfied.
# * <tt>:add_headers</tt> - a hash of name/value pairs that should be
# merged into the response's headers hash if the prerequisites cannot
# be satisfied.
# * <tt>:redirect_to</tt> - the redirection parameters to be used when
# redirecting if the prerequisites cannot be satisfied. You can
# redirect either to named route or to the action in some controller.
# * <tt>:render</tt> - the render parameters to be used when
# the prerequisites cannot be satisfied.
# * <tt>:only</tt> - only apply this verification to the actions specified
# in the associated array (may also be a single value).
# * <tt>:except</tt> - do not apply this verification to the actions
# specified in the associated array (may also be a single value).
# <tt>:params</tt>::
# a single key or an array of keys that must be in the <tt>params</tt>
# hash in order for the action(s) to be safely called.
# <tt>:session</tt>::
# a single key or an array of keys that must be in the <tt>session</tt>
# in order for the action(s) to be safely called.
# <tt>:flash</tt>::
# a single key or an array of keys that must be in the flash in order
# for the action(s) to be safely called.
# <tt>:method</tt>::
# a single key or an array of keys--any one of which must match the
# current request method in order for the action(s) to be safely called.
# (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for
# example.)
# <tt>:xhr</tt>::
# true/false option to ensure that the request is coming from an Ajax
# call or not.
# <tt>:add_flash</tt>::
# a hash of name/value pairs that should be merged into the session's
# flash if the prerequisites cannot be satisfied.
# <tt>:add_headers</tt>::
# a hash of name/value pairs that should be merged into the response's
# headers hash if the prerequisites cannot be satisfied.
# <tt>:redirect_to</tt>::
# the redirection parameters to be used when redirecting if the
# prerequisites cannot be satisfied. You can redirect either to named
# route or to the action in some controller.
# <tt>:render</tt>::
# the render parameters to be used when the prerequisites cannot be satisfied.
# <tt>:only</tt>::
# only apply this verification to the actions specified in the associated
# array (may also be a single value).
# <tt>:except</tt>::
# do not apply this verification to the actions specified in the associated
# array (may also be a single value).
def verify(options={})
filter_opts = { :only => options[:only], :except => options[:except] }
before_filter(filter_opts) do |c|
before_filter :only => options[:only], :except => options[:except] do |c|
c.send! :verify_action, options
end
end
end
private
def verify_action(options) #:nodoc:
prereqs_invalid =
if prereqs_invalid?(options)
flash.update(options[:add_flash]) if options[:add_flash]
response.headers.update(options[:add_headers]) if options[:add_headers]
apply_remaining_actions(options) unless performed?
end
end
def prereqs_invalid?(options) # :nodoc:
verify_presence_of_keys_in_hash_flash_or_params(options) ||
verify_method(options) ||
verify_request_xhr_status(options)
end
def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
[*options[:params] ].find { |v| params[v].nil? } ||
[*options[:session]].find { |v| session[v].nil? } ||
[*options[:flash] ].find { |v| flash[v].nil? }
if !prereqs_invalid && options[:method]
prereqs_invalid ||=
[*options[:method]].all? { |v| request.method != v.to_sym }
end
prereqs_invalid ||= (request.xhr? != options[:xhr]) unless options[:xhr].nil?
def verify_method(options) # :nodoc:
[*options[:method]].all? { |v| request.method != v.to_sym } if options[:method]
end
if prereqs_invalid
flash.update(options[:add_flash]) if options[:add_flash]
response.headers.update(options[:add_headers]) if options[:add_headers]
def verify_request_xhr_status(options) # :nodoc:
request.xhr? != options[:xhr] unless options[:xhr].nil?
end
unless performed?
def apply_redirect_to(redirect_to_option) # :nodoc:
redirect_to_option.is_a?(Symbol) ? self.send!(redirect_to_option) : redirect_to_option
end
def apply_remaining_actions(options) # :nodoc:
case
when options[:render]
render(options[:render])
when options[:redirect_to]
options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
redirect_to(options[:redirect_to])
else
head(:bad_request)
when options[:render] ; render(options[:render])
when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to]))
else head(:bad_request)
end
end
end
end
private :verify_action
end
end