0
@@ -1,5 +1,7 @@
0
 *SVN*
0
 
0
+* Added Verifications that allows you to specify preconditions to actions in form of statements like <tt>verify :only => :update_post, :params => "admin_privileges", :redirect_to => { :action => "settings" }</tt>, which ensure that the update_post action is only called if admin_privileges is available as a parameter -- otherwise the user is redirected to settings. #897 [Jamis Buck]
0
+
0
 * Fixed Form.Serialize for the JavascriptHelper to also seriliaze password fields #934 [dweitzman@gmail.com]
0
 
0
 * Added JavascriptHelper#escape_javascript as a public method (was private) and made it escape both single and double quotes and new lines #940 [mortonda@dgrmm.net]

0
@@ -46,6 +46,7 @@
0
 require 'action_controller/cgi_process'
0
 require 'action_controller/caching'
0
 require 'action_controller/components'
0
+require 'action_controller/verification'
0
 
0
 require 'action_view'
0
 ActionController::Base.template_class = ActionView::Base
0
@@ -64,5 +65,6 @@
0
   include ActionController::Session
0
   include ActionController::Caching
0
   include ActionController::Components
0
+  include ActionController::Verification
0
 end

0
@@ -1 +1,80 @@
0
+module ActionController #:nodoc:
0
+
0
+  # This module provides a class-level method for specifying that certain
0
+  # actions are guarded against being called without certain prerequisites
0
+  # being met. This is essentially a special kind of before_filter.
0
+  #
0
+  # An action may be guarded against being invoked without certain request
0
+  # parameters being set, or without certain session values existing.
0
+  #
0
+  # When a verification is violated, values may be inserted into the flash, and
0
+  # a specified redirection is triggered.
0
+  #
0
+  # Usage:
0
+  #
0
+  #   class GlobalController < ActionController::Base
0
+  #     # prevent the #update_settings action from being invoked unless
0
+  #     # the 'admin_privileges' request parameter exists.
0
+  #     verify :params => "admin_privileges", :only => :update_post
0
+  #            :redirect_to => { :action => "settings" }
0
+  #
0
+  #     # disallow a post from being updated if there was no information
0
+  #     # submitted with the post, and if there is no active post in the
0
+  #     # session, and if there is no "note" key in the flash.
0
+  #     verify :params => "post", :session => "post", "flash" => "note",
0
+  #            :only => :update_post,
0
+  #            :add_flash => { "alert" => "Failed to create your message" },
0
+  #            :redirect_to => :category_url
0
+  #
0
+  module Verification
0
+    def self.append_features(base) #:nodoc:
0
+      super
0
+      base.extend(ClassMethods)
0
+    end
0
+
0
+    module ClassMethods
0
+      # Verify the given actions so that if certain prerequisites are not met,
0
+      # the user is redirected to a different action. The +options+ parameter
0
+      # is a hash consisting of the following key/value pairs:
0
+      #
0
+      # * <tt>:params</tt>: a single key or an array of keys that must
0
+      #   be in the @params hash in order for the action(s) to be safely
0
+      #   called.
0
+      # * <tt>:session</tt>: a single key or an array of keys that must
0
+      #   be in the @session in order for the action(s) to be safely called.
0
+      # * <tt>:flash</tt>: a single key or an array of keys that must
0
+      #   be in the flash in order for the action(s) to be safely called.
0
+      # * <tt>:add_flash</tt>: a hash of name/value pairs that should be merged
0
+      #   into the session's flash if the prerequisites cannot be satisfied.
0
+      # * <tt>:redirect_to</tt>: the redirection parameters to be used when
0
+      #   redirecting if the prerequisites cannot be satisfied.
0
+      # * <tt>:only</tt>: only apply this verification to the actions specified in
0
+      #   the associated array (may also be a single value).
0
+      # * <tt>:except</tt>: do not apply this verification to the actions specified in
0
+      #   the associated array (may also be a single value).
0
+      def verify(options={})
0
+        filter_opts = { :only => options[:only], :except => options[:except] }
0
+        before_filter(filter_opts) do |c|
0
+          c.send :verify_action, options
0
+        end
0
+      end
0
+    end
0
+
0
+    def verify_action(options) #:nodoc:
0
+      prereqs_invalid =
0
+        [*options[:params] ].find { |v| @params[v].nil?  } ||
0
+        [*options[:session]].find { |v| @session[v].nil? } ||
0
+        [*options[:flash]  ].find { |v| flash[v].nil?    }
0
+
0
+      if prereqs_invalid
0
+        flash.update(options[:add_flash]) if options[:add_flash]
0
+        redirect_to(options[:redirect_to])
0
+        return false
0
+      end
0
+
0
+      true
0
+    end
0
+    private :verify_action
0
+  end
0
+end

0
@@ -1 +1,138 @@
0
+require File.dirname(__FILE__) + '/../abstract_unit'
0
+
0
+class VerificationTest < Test::Unit::TestCase
0
+  class TestController < ActionController::Base
0
+    verify :only => :guarded_one, :params => "one",
0
+           :redirect_to => { :action => "unguarded" }
0
+
0
+    verify :only => :guarded_two, :params => %w( one two ),
0
+           :redirect_to => { :action => "unguarded" }
0
+
0
+    verify :only => :guarded_with_flash, :params => "one",
0
+           :add_flash => { "notice" => "prereqs failed" },
0
+           :redirect_to => { :action => "unguarded" }
0
+
0
+    verify :only => :guarded_in_session, :session => "one",
0
+           :redirect_to => { :action => "unguarded" }
0
+
0
+    verify :only => [:multi_one, :multi_two], :session => %w( one two ),
0
+           :redirect_to => { :action => "unguarded" }
0
+
0
+    def guarded_one
0
+      render_text "#{@params["one"]}"
0
+    end
0
+
0
+    def guarded_with_flash
0
+      render_text "#{@params["one"]}"
0
+    end
0
+
0
+    def guarded_two
0
+      render_text "#{@params["one"]}:#{@params["two"]}"
0
+    end
0
+
0
+    def guarded_in_session
0
+      render_text "#{@session["one"]}"
0
+    end
0
+
0
+    def multi_one
0
+      render_text "#{@session["one"]}:#{@session["two"]}"
0
+    end
0
+
0
+    def multi_two
0
+      render_text "#{@session["two"]}:#{@session["one"]}"
0
+    end
0
+
0
+    def unguarded
0
+      render_text "#{@params["one"]}"
0
+    end
0
+  end
0
+
0
+  def setup
0
+    @controller = TestController.new
0
+    @request    = ActionController::TestRequest.new
0
+    @response   = ActionController::TestResponse.new
0
+  end
0
+
0
+  def test_guarded_one_with_prereqs
0
+    process "guarded_one", "one" => "here"
0
+    assert_equal "here", @response.body
0
+  end
0
+
0
+  def test_guarded_one_without_prereqs
0
+    process "guarded_one"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+
0
+  def test_guarded_with_flash_with_prereqs
0
+    process "guarded_with_flash", "one" => "here"
0
+    assert_equal "here", @response.body
0
+    assert_flash_empty
0
+  end
0
+
0
+  def test_guarded_with_flash_without_prereqs
0
+    process "guarded_with_flash"
0
+    assert_redirected_to :action => "unguarded"
0
+    assert_flash_equal "prereqs failed", "notice"
0
+  end
0
+
0
+  def test_guarded_two_with_prereqs
0
+    process "guarded_two", "one" => "here", "two" => "there"
0
+    assert_equal "here:there", @response.body
0
+  end
0
+
0
+  def test_guarded_two_without_prereqs_one
0
+    process "guarded_two", "two" => "there"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+
0
+  def test_guarded_two_without_prereqs_two
0
+    process "guarded_two", "one" => "here"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+
0
+  def test_guarded_two_without_prereqs_both
0
+    process "guarded_two"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+
0
+  def test_unguarded_with_params
0
+    process "unguarded", "one" => "here"
0
+    assert_equal "here", @response.body
0
+  end
0
+
0
+  def test_unguarded_without_params
0
+    process "unguarded"
0
+    assert_equal "", @response.body
0
+  end
0
+
0
+  def test_guarded_in_session_with_prereqs
0
+    process "guarded_in_session", {}, "one" => "here"
0
+    assert_equal "here", @response.body
0
+  end
0
+
0
+  def test_guarded_in_session_without_prereqs
0
+    process "guarded_in_session"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+
0
+  def test_multi_one_with_prereqs
0
+    process "multi_one", {}, "one" => "here", "two" => "there"
0
+    assert_equal "here:there", @response.body
0
+  end
0
+
0
+  def test_multi_one_without_prereqs
0
+    process "multi_one"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+
0
+  def test_multi_two_with_prereqs
0
+    process "multi_two", {}, "one" => "here", "two" => "there"
0
+    assert_equal "there:here", @response.body
0
+  end
0
+
0
+  def test_multi_two_without_prereqs
0
+    process "multi_two"
0
+    assert_redirected_to :action => "unguarded"
0
+  end
0
+end