test/test_helper.rb @@ -1,2 +1,2 @@ ActionController::Base.send :include, InPlaceEditing -ActionController::Base.helper InPlaceMacrosHelper +ActionController::Base.helper InPlaceMacrosHelper \ No newline at end of file init.rb @@ -40,6 +40,12 @@ module InPlaceMacrosHelper function << "'#{url_for(options[:url])}'" js_options = {} + + if protect_against_forgery? + options[:with] ||= "Form.serialize(form)" + options[:with] += " + '&authenticity_token=' + encodeURIComponent('#{form_authenticity_token}')" + end + js_options['cancelText'] = %('#{options[:cancel_text]}') if options[:cancel_text] js_options['okText'] = %('#{options[:save_text]}') if options[:save_text] js_options['loadingText'] = %('#{options[:loading_text]}') if options[:loading_text] @@ -50,9 +56,10 @@ module InPlaceMacrosHelper js_options['externalControl'] = "'#{options[:external_control]}'" if options[:external_control] js_options['loadTextURL'] = "'#{url_for(options[:load_text_url])}'" if options[:load_text_url] js_options['ajaxOptions'] = options[:options] if options[:options] - js_options['evalScripts'] = options[:script] if options[:script] + js_options['htmlResponse'] = !options[:script] if options[:script] js_options['callback'] = "function(form) { return #{options[:with]} }" if options[:with] js_options['clickToEditText'] = %('#{options[:click_to_edit_text]}') if options[:click_to_edit_text] + js_options['textBetweenControls'] = %('#{options[:text_between_controls]}') if options[:text_between_controls] function << (', ' + options_for_javascript(js_options)) unless js_options.empty? function << ')' lib/in_place_macros_helper.rb @@ -1,5 +1,4 @@ -require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper')) -require 'test/unit' +require File.expand_path(File.dirname(__FILE__) + "/test_helper") class InPlaceEditingTest < Test::Unit::TestCase include InPlaceEditing @@ -20,8 +19,13 @@ class InPlaceEditingTest < Test::Unit::TestCase end end @controller = @controller.new + @protect_against_forgery = false end - + + def protect_against_forgery? + @protect_against_forgery + end + def test_in_place_editor_external_control assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {externalControl:'blah'})\n//]]>\n</script>), in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :external_control => 'blah'}) @@ -59,11 +63,27 @@ class InPlaceEditingTest < Test::Unit::TestCase :load_text_url => { :action => "action_to_get_value" }) end - def test_in_place_editor_eval_scripts - assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {evalScripts:true})", + def test_in_place_editor_html_response + assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {htmlResponse:false})", in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" }, :script => true ) end + def form_authenticity_token + "authenticity token" + end + + def test_in_place_editor_with_forgery_protection + @protect_against_forgery = true + assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {callback:function(form) { return Form.serialize(form) + '&authenticity_token=' + encodeURIComponent('authenticity token') }})", + in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" }) + end + + def test_in_place_editor_text_between_controls + assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {textBetweenControls:'or'})", + in_place_editor( 'id-goes-here', + :url => { :action => "action_to_set_value" }, + :text_between_controls => "or" ) + end end \ No newline at end of file test/in_place_editing_test.rb 81bee9dd39d36b0bc268465a6d37c76e6423c891 Jose Fernandez jose@umn.edu http://github.com/rails/in_place_editing/commit/afb68bba782f8ae0ea56494f200f1fe9c811e164 afb68bba782f8ae0ea56494f200f1fe9c811e164 2008-07-07T14:15:40-07:00 2008-07-02T14:09:03-07:00 Make the plugin work with RequestForgeryProtection and update deprecated prototype code. Signed-off-by: Pratik Naik <pratiknaik@gmail.com> a3cf8e305391cfb743ce7dc2386e446464530aa9 Pratik Naik pratiknaik@gmail.com