
Added :method option to verify for ensuring that either GET, POST, et…

…c is allowed #984 [Jamis Buck]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1060 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
1 parent aec31cd commit 00121b2ca2f795d16b54295cb9fc0fdcbbe50dd8 @dhh dhh committed Apr 2, 2005
@@ -1,5 +1,7 @@
*SVN*
+* Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck]
+
* Added options to set cc, bcc, subject, and body for UrlHelper#mail_to #966 [DeLynn]
* Fixed include_blank for select_hour/minute/second #527 [edward@debian.org]
@@ -44,14 +44,18 @@ module ClassMethods
# be in the @session in order for the action(s) to be safely called.
# * <tt>:flash</tt>: a single key or an array of keys that must
# be in the flash in order for the action(s) to be safely called.
+ # * <tt>:method</tt>: a single key or an array of keys--any one of which
+ # must match the current request method in order for the action(s) to
+ # be safely called. (The key should be a symbol: <tt>:get</tt> or
+ # <tt>:post</tt>, for example.)
# * <tt>:add_flash</tt>: a hash of name/value pairs that should be merged
# into the session's flash if the prerequisites cannot be satisfied.
# * <tt>:redirect_to</tt>: the redirection parameters to be used when
# redirecting if the prerequisites cannot be satisfied.
- # * <tt>:only</tt>: only apply this verification to the actions specified in
- # the associated array (may also be a single value).
- # * <tt>:except</tt>: do not apply this verification to the actions specified in
- # the associated array (may also be a single value).
+ # * <tt>:only</tt>: only apply this verification to the actions specified
+ # in the associated array (may also be a single value).
+ # * <tt>:except</tt>: do not apply this verification to the actions
+ # specified in the associated array (may also be a single value).
def verify(options={})
filter_opts = { :only => options[:only], :except => options[:except] }
before_filter(filter_opts) do |c|
@@ -65,6 +69,11 @@ def verify_action(options) #:nodoc:
[*options[:params] ].find { |v| @params[v].nil? } ||
[*options[:session]].find { |v| @session[v].nil? } ||
[*options[:flash] ].find { |v| flash[v].nil? }
+
+ if !prereqs_invalid && options[:method]
+ prereqs_invalid ||=
+ [*options[:method]].all? { |v| @request.method != v.to_sym }
+ end
if prereqs_invalid
flash.update(options[:add_flash]) if options[:add_flash]
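Review bot: The added comparison `@request.method != v.to_sym` is case-sensitive, so a value written as `:method => "POST"` becomes `:POST` and can never equal the lower-case method the request reports (the new test expects the body `post`), which leaves the guarded action redirecting on every request. That fails closed, but silently; normalising with `v.to_s.downcase.to_sym` would accept either spelling. The surrounding `if !prereqs_invalid && options[:method]` also repeats what `||=` already does, so the guard could be reduced to `if options[:method]`. verify_action starts above this hunk and continues below it.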
@@ -18,6 +18,9 @@ class TestController < ActionController::Base
verify :only => [:multi_one, :multi_two], :session => %w( one two ),
:redirect_to => { :action => "unguarded" }
+ verify :only => :guarded_by_method, :method => :post,
+ :redirect_to => { :action => "unguarded" }
+
def guarded_one
render_text "#{@params["one"]}"
end
@@ -42,9 +45,15 @@ def multi_two
render_text "#{@session["two"]}:#{@session["one"]}"
end
+ def guarded_by_method
+ render_text "#{@request.method}"
+ end
+
def unguarded
render_text "#{@params["one"]}"
end
+
+ def rescue_action(e) raise end
end
def setup
@@ -134,4 +143,16 @@ def test_multi_two_without_prereqs
process "multi_two"
assert_redirected_to :action => "unguarded"
end
+
+ def test_guarded_by_method_with_prereqs
+ @request.env["REQUEST_METHOD"] = "POST"
+ process "guarded_by_method"
+ assert_equal "post", @response.body
+ end
+
+ def test_guarded_by_method_without_prereqs
+ @request.env["REQUEST_METHOD"] = "GET"
+ process "guarded_by_method"
+ assert_redirected_to :action => "unguarded"
+ end
end
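Review bot: Both new tests use the single-symbol form `:method => :post`, so the array form the documentation promises ("a single key or an array of keys") is never exercised, and GET is the only method tried as a rejected one. A second guarded action declared with `:method => [:get, :post]`, plus a request using a method outside that list, would cover the `all?` check over more than one element. The test class starts above this hunk.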
