
Make the plugin work with RequestForgeryProtection and update deprecated prototype code.

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>
Jose Fernandez authored and lifo committed Jul 2, 2008
1 parent 81bee9d commit afb68bba782f8ae0ea56494f200f1fe9c811e164
Showing with 42 additions and 7 deletions.
  1. +1 −1 init.rb
  2. +8 −1 lib/in_place_macros_helper.rb
  3. +25 −5 test/in_place_editing_test.rb
  4. +8 −0 test/test_helper.rb
@@ -1,2 +1,2 @@
ActionController::Base.send :include, InPlaceEditing
-ActionController::Base.helper InPlaceMacrosHelper
+ActionController::Base.helper InPlaceMacrosHelper
@@ -40,6 +40,12 @@ def in_place_editor(field_id, options = {})
function << "'#{url_for(options[:url])}'"
js_options = {}
+
+ if protect_against_forgery?
+ options[:with] ||= "Form.serialize(form)"
+ options[:with] += " + '&authenticity_token=' + encodeURIComponent('#{form_authenticity_token}')"
+ end
+
js_options['cancelText'] = %('#{options[:cancel_text]}') if options[:cancel_text]
js_options['okText'] = %('#{options[:save_text]}') if options[:save_text]
js_options['loadingText'] = %('#{options[:loading_text]}') if options[:loading_text]
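Review bot: The added block writes back into the caller's `options` hash (`options[:with] ||= ...` followed by `+=`), so a hash that is reused for a second `in_place_editor` call gets the `authenticity_token` parameter appended twice. Build the value on a copy instead, e.g. `options = options.merge(:with => (options[:with] || "Form.serialize(form)") + " + '&authenticity_token=' + encodeURIComponent('#{escape_javascript(form_authenticity_token)}')")`. Wrapping the token in `escape_javascript` is defensive: it keeps the single-quoted JavaScript literal intact if a token ever contains a quote or backslash. Since the token is rendered into the page's inline script, a cached page or fragment containing this helper would presumably hand one session's token to other visitors, which deserves a comment above the block. `in_place_editor` starts and ends outside this hunk.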
@@ -50,9 +56,10 @@ def in_place_editor(field_id, options = {})
js_options['externalControl'] = "'#{options[:external_control]}'" if options[:external_control]
js_options['loadTextURL'] = "'#{url_for(options[:load_text_url])}'" if options[:load_text_url]
js_options['ajaxOptions'] = options[:options] if options[:options]
- js_options['evalScripts'] = options[:script] if options[:script]
+ js_options['htmlResponse'] = !options[:script] if options[:script]
js_options['callback'] = "function(form) { return #{options[:with]} }" if options[:with]
js_options['clickToEditText'] = %('#{options[:click_to_edit_text]}') if options[:click_to_edit_text]
+ js_options['textBetweenControls'] = %('#{options[:text_between_controls]}') if options[:text_between_controls]
function << (', ' + options_for_javascript(js_options)) unless js_options.empty?
function << ')'
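Review bot: The new `textBetweenControls` line interpolates `options[:text_between_controls]` straight into a single-quoted JavaScript literal, so a value containing `'` or a newline breaks the generated script, and a value that originates from user-supplied or translated text ends up as script in the page. Escape it before quoting: `js_options['textBetweenControls'] = %('#{escape_javascript(options[:text_between_controls])}') if options[:text_between_controls]`. The neighbouring context lines (`clickToEditText`, `externalControl`) use the same unescaped pattern and could be fixed in the same pass. `in_place_editor` begins before and ends after this hunk.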
@@ -1,5 +1,4 @@
-require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))
-require 'test/unit'
+require File.expand_path(File.dirname(__FILE__) + "/test_helper")
class InPlaceEditingTest < Test::Unit::TestCase
include InPlaceEditing
@@ -20,8 +19,13 @@ def url_for(options)
end
end
@controller = @controller.new
+ @protect_against_forgery = false
end
-
+
+ def protect_against_forgery?
+ @protect_against_forgery
+ end
+
def test_in_place_editor_external_control
assert_dom_equal %(<script type=\"text/javascript\">\n//<![CDATA[\nnew Ajax.InPlaceEditor('some_input', 'http://www.example.com/inplace_edit', {externalControl:'blah'})\n//]]>\n</script>),
in_place_editor('some_input', {:url => {:action => 'inplace_edit'}, :external_control => 'blah'})
@@ -59,11 +63,27 @@ def test_in_place_editor_load_text_url
:load_text_url => { :action => "action_to_get_value" })
end
- def test_in_place_editor_eval_scripts
- assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {evalScripts:true})",
+ def test_in_place_editor_html_response
+ assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {htmlResponse:false})",
in_place_editor( 'id-goes-here',
:url => { :action => "action_to_set_value" },
:script => true )
end
+ def form_authenticity_token
+ "authenticity token"
+ end
+
+ def test_in_place_editor_with_forgery_protection
+ @protect_against_forgery = true
+ assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {callback:function(form) { return Form.serialize(form) + '&authenticity_token=' + encodeURIComponent('authenticity token') }})",
+ in_place_editor( 'id-goes-here', :url => { :action => "action_to_set_value" })
+ end
+
+ def test_in_place_editor_text_between_controls
+ assert_match "Ajax.InPlaceEditor('id-goes-here', 'http://www.example.com/action_to_set_value', {textBetweenControls:'or'})",
+ in_place_editor( 'id-goes-here',
+ :url => { :action => "action_to_set_value" },
+ :text_between_controls => "or" )
+ end
end
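Review bot: `test_in_place_editor_with_forgery_protection` only exercises the default `Form.serialize(form)` path, so nothing pins what happens when the caller supplies its own `:with` while forgery protection is on. That is the branch where the token could be dropped or mis-joined by a later refactor. A second test with a caller-supplied `:with` would cover it; the `'&extra=1'` value below is a constructed sample. It would also be tidier to define the `form_authenticity_token` stub next to `protect_against_forgery?` near `setup` rather than between two tests.

```ruby
# … unchanged: form_authenticity_token stub and test_in_place_editor_with_forgery_protection …

def test_in_place_editor_with_forgery_protection_and_custom_with
  @protect_against_forgery = true
  assert_match "{callback:function(form) { return Form.serialize(form) + '&extra=1' + '&authenticity_token=' + encodeURIComponent('authenticity token') }}",
    in_place_editor('id-goes-here',
      :url => { :action => "action_to_set_value" },
      :with => "Form.serialize(form) + '&extra=1'")
end
```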
@@ -0,0 +1,8 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'test/unit'
+require 'rubygems'
+require 'action_controller'
+require 'action_controller/assertions'
+require 'in_place_editing'
+require 'in_place_macros_helper'
