mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Refactored ActionController::Verification and improved docs (closes #10681) [jamesh]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8543 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
parent
e2e98ef0b8
commit
32876476a7
1 changed files with 74 additions and 58 deletions
|
@ -43,72 +43,88 @@ module ActionController #:nodoc:
|
|||
# the user is redirected to a different action. The +options+ parameter
|
||||
# is a hash consisting of the following key/value pairs:
|
||||
#
|
||||
# * <tt>:params</tt> - a single key or an array of keys that must
|
||||
# be in the <tt>params</tt> hash in order for the action(s) to be safely
|
||||
# called.
|
||||
# * <tt>:session</tt> - a single key or an array of keys that must
|
||||
# be in the <tt>session</tt> in order for the action(s) to be safely called.
|
||||
# * <tt>:flash</tt> - a single key or an array of keys that must
|
||||
# be in the flash in order for the action(s) to be safely called.
|
||||
# * <tt>:method</tt> - a single key or an array of keys--any one of which
|
||||
# must match the current request method in order for the action(s) to
|
||||
# be safely called. (The key should be a symbol: <tt>:get</tt> or
|
||||
# <tt>:post</tt>, for example.)
|
||||
# * <tt>:xhr</tt> - true/false option to ensure that the request is coming
|
||||
# from an Ajax call or not.
|
||||
# * <tt>:add_flash</tt> - a hash of name/value pairs that should be merged
|
||||
# into the session's flash if the prerequisites cannot be satisfied.
|
||||
# * <tt>:add_headers</tt> - a hash of name/value pairs that should be
|
||||
# merged into the response's headers hash if the prerequisites cannot
|
||||
# be satisfied.
|
||||
# * <tt>:redirect_to</tt> - the redirection parameters to be used when
|
||||
# redirecting if the prerequisites cannot be satisfied. You can
|
||||
# redirect either to named route or to the action in some controller.
|
||||
# * <tt>:render</tt> - the render parameters to be used when
|
||||
# the prerequisites cannot be satisfied.
|
||||
# * <tt>:only</tt> - only apply this verification to the actions specified
|
||||
# in the associated array (may also be a single value).
|
||||
# * <tt>:except</tt> - do not apply this verification to the actions
|
||||
# specified in the associated array (may also be a single value).
|
||||
# <tt>:params</tt>::
|
||||
# a single key or an array of keys that must be in the <tt>params</tt>
|
||||
# hash in order for the action(s) to be safely called.
|
||||
# <tt>:session</tt>::
|
||||
# a single key or an array of keys that must be in the <tt>session</tt>
|
||||
# in order for the action(s) to be safely called.
|
||||
# <tt>:flash</tt>::
|
||||
# a single key or an array of keys that must be in the flash in order
|
||||
# for the action(s) to be safely called.
|
||||
# <tt>:method</tt>::
|
||||
# a single key or an array of keys--any one of which must match the
|
||||
# current request method in order for the action(s) to be safely called.
|
||||
# (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for
|
||||
# example.)
|
||||
# <tt>:xhr</tt>::
|
||||
# true/false option to ensure that the request is coming from an Ajax
|
||||
# call or not.
|
||||
# <tt>:add_flash</tt>::
|
||||
# a hash of name/value pairs that should be merged into the session's
|
||||
# flash if the prerequisites cannot be satisfied.
|
||||
# <tt>:add_headers</tt>::
|
||||
# a hash of name/value pairs that should be merged into the response's
|
||||
# headers hash if the prerequisites cannot be satisfied.
|
||||
# <tt>:redirect_to</tt>::
|
||||
# the redirection parameters to be used when redirecting if the
|
||||
# prerequisites cannot be satisfied. You can redirect either to named
|
||||
# route or to the action in some controller.
|
||||
# <tt>:render</tt>::
|
||||
# the render parameters to be used when the prerequisites cannot be satisfied.
|
||||
# <tt>:only</tt>::
|
||||
# only apply this verification to the actions specified in the associated
|
||||
# array (may also be a single value).
|
||||
# <tt>:except</tt>::
|
||||
# do not apply this verification to the actions specified in the associated
|
||||
# array (may also be a single value).
|
||||
def verify(options={})
|
||||
filter_opts = { :only => options[:only], :except => options[:except] }
|
||||
before_filter(filter_opts) do |c|
|
||||
before_filter :only => options[:only], :except => options[:except] do |c|
|
||||
c.send! :verify_action, options
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def verify_action(options) #:nodoc:
|
||||
prereqs_invalid =
|
||||
if prereqs_invalid?(options)
|
||||
flash.update(options[:add_flash]) if options[:add_flash]
|
||||
response.headers.update(options[:add_headers]) if options[:add_headers]
|
||||
apply_remaining_actions(options) unless performed?
|
||||
end
|
||||
end
|
||||
|
||||
def prereqs_invalid?(options) # :nodoc:
|
||||
verify_presence_of_keys_in_hash_flash_or_params(options) ||
|
||||
verify_method(options) ||
|
||||
verify_request_xhr_status(options)
|
||||
end
|
||||
|
||||
def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
|
||||
[*options[:params] ].find { |v| params[v].nil? } ||
|
||||
[*options[:session]].find { |v| session[v].nil? } ||
|
||||
[*options[:flash] ].find { |v| flash[v].nil? }
|
||||
|
||||
if !prereqs_invalid && options[:method]
|
||||
prereqs_invalid ||=
|
||||
[*options[:method]].all? { |v| request.method != v.to_sym }
|
||||
end
|
||||
|
||||
prereqs_invalid ||= (request.xhr? != options[:xhr]) unless options[:xhr].nil?
|
||||
def verify_method(options) # :nodoc:
|
||||
[*options[:method]].all? { |v| request.method != v.to_sym } if options[:method]
|
||||
end
|
||||
|
||||
if prereqs_invalid
|
||||
flash.update(options[:add_flash]) if options[:add_flash]
|
||||
response.headers.update(options[:add_headers]) if options[:add_headers]
|
||||
def verify_request_xhr_status(options) # :nodoc:
|
||||
request.xhr? != options[:xhr] unless options[:xhr].nil?
|
||||
end
|
||||
|
||||
unless performed?
|
||||
def apply_redirect_to(redirect_to_option) # :nodoc:
|
||||
redirect_to_option.is_a?(Symbol) ? self.send!(redirect_to_option) : redirect_to_option
|
||||
end
|
||||
|
||||
def apply_remaining_actions(options) # :nodoc:
|
||||
case
|
||||
when options[:render]
|
||||
render(options[:render])
|
||||
when options[:redirect_to]
|
||||
options[:redirect_to] = self.send!(options[:redirect_to]) if options[:redirect_to].is_a?(Symbol)
|
||||
redirect_to(options[:redirect_to])
|
||||
else
|
||||
head(:bad_request)
|
||||
when options[:render] ; render(options[:render])
|
||||
when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to]))
|
||||
else head(:bad_request)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
private :verify_action
|
||||
end
|
||||
end
|
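Review bot: The helpers combined in `prereqs_invalid?` are named `verify_*` but return a truthy value when the check fails: `verify_method` is true when none of the listed methods matches, and `verify_presence_of_keys_in_hash_flash_or_params` returns the first missing key. That inverted sense is easy to flip by mistake in a guard that decides whether an action may run. Either rename them after the failure they detect, e.g. `def method_not_allowed?(options)` and `def xhr_status_mismatch?(options)`, or put `# Returns a truthy value when the prerequisite is NOT satisfied.` above each one. The first helper checks `session`, not a generic hash, so a name ending in `_in_session_flash_or_params` would match what it does. The option docs for `:params`, `:session` and `:flash` could also state that only `nil` counts as missing (the checks are `params[v].nil?`), so an empty string still passes verification.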