Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
459 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,34 @@ | |||
| This module provides a class-level method for specifying that certain | |||
| actions are guarded against being called without certain prerequisites | |||
| being met. This is essentially a special kind of before_filter. | |||
|
|
|||
| An action may be guarded against being invoked without certain request | |||
| parameters being set, or without certain session values existing. | |||
|
|
|||
| When a verification is violated, values may be inserted into the flash, and | |||
| a specified redirection is triggered. If no specific action is configured, | |||
| verification failures will by default result in a 400 Bad Request response. | |||
|
|
|||
| Usage: | |||
|
|
|||
| class GlobalController < ActionController::Base | |||
| # Prevent the #update_settings action from being invoked unless | |||
| # the 'admin_privileges' request parameter exists. The | |||
| # settings action will be redirected to in current controller | |||
| # if verification fails. | |||
| verify :params => "admin_privileges", :only => :update_post, | |||
| :redirect_to => { :action => "settings" } | |||
|
|
|||
| # Disallow a post from being updated if there was no information | |||
| # submitted with the post, and if there is no active post in the | |||
| # session, and if there is no "note" key in the flash. The route | |||
| # named category_url will be redirected to if verification fails. | |||
|
|
|||
| verify :params => "post", :session => "post", "flash" => "note", | |||
| :only => :update_post, | |||
| :add_flash => { "alert" => "Failed to create your message" }, | |||
| :redirect_to => :category_url | |||
|
|
|||
| Note that these prerequisites are not business rules. They do not examine | |||
| the content of the session or the parameters. That level of validation should | |||
| be encapsulated by your domain model or helper methods in the controller. | |||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,22 @@ | |||
| require 'rake' | |||
| require 'rake/testtask' | |||
| require 'rake/rdoctask' | |||
|
|
|||
| desc 'Default: run unit tests.' | |||
| task :default => :test | |||
|
|
|||
| desc 'Test the verification plugin.' | |||
| Rake::TestTask.new(:test) do |t| | |||
| t.libs << 'lib' | |||
| t.pattern = 'test/**/*_test.rb' | |||
| t.verbose = true | |||
| end | |||
|
|
|||
| desc 'Generate documentation for the verification plugin.' | |||
| Rake::RDocTask.new(:rdoc) do |rdoc| | |||
| rdoc.rdoc_dir = 'rdoc' | |||
| rdoc.title = 'Verification' | |||
| rdoc.options << '--line-numbers' << '--inline-source' | |||
| rdoc.rdoc_files.include('README') | |||
| rdoc.rdoc_files.include('lib/**/*.rb') | |||
| end | |||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1 @@ | |||
| require 'action_controller/verification' | |||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Original file line | Diff line number | Diff line change |
|---|---|---|---|
| @@ -0,0 +1,132 @@ | |||
| module ActionController #:nodoc: | |||
| module Verification #:nodoc: | |||
| extend ActiveSupport::Concern | |||
|
|
|||
| include AbstractController::Callbacks, Flash, Rendering | |||
|
|
|||
| # This module provides a class-level method for specifying that certain | |||
| # actions are guarded against being called without certain prerequisites | |||
| # being met. This is essentially a special kind of before_filter. | |||
| # | |||
| # An action may be guarded against being invoked without certain request | |||
| # parameters being set, or without certain session values existing. | |||
| # | |||
| # When a verification is violated, values may be inserted into the flash, and | |||
| # a specified redirection is triggered. If no specific action is configured, | |||
| # verification failures will by default result in a 400 Bad Request response. | |||
| # | |||
| # Usage: | |||
| # | |||
| # class GlobalController < ActionController::Base | |||
| # # Prevent the #update_settings action from being invoked unless | |||
| # # the 'admin_privileges' request parameter exists. The | |||
| # # settings action will be redirected to in current controller | |||
| # # if verification fails. | |||
| # verify :params => "admin_privileges", :only => :update_post, | |||
| # :redirect_to => { :action => "settings" } | |||
| # | |||
| # # Disallow a post from being updated if there was no information | |||
| # # submitted with the post, and if there is no active post in the | |||
| # # session, and if there is no "note" key in the flash. The route | |||
| # # named category_url will be redirected to if verification fails. | |||
| # | |||
| # verify :params => "post", :session => "post", "flash" => "note", | |||
| # :only => :update_post, | |||
| # :add_flash => { "alert" => "Failed to create your message" }, | |||
| # :redirect_to => :category_url | |||
| # | |||
| # Note that these prerequisites are not business rules. They do not examine | |||
| # the content of the session or the parameters. That level of validation should | |||
| # be encapsulated by your domain model or helper methods in the controller. | |||
| module ClassMethods | |||
| # Verify the given actions so that if certain prerequisites are not met, | |||
| # the user is redirected to a different action. The +options+ parameter | |||
| # is a hash consisting of the following key/value pairs: | |||
| # | |||
| # <tt>:params</tt>:: | |||
| # a single key or an array of keys that must be in the <tt>params</tt> | |||
| # hash in order for the action(s) to be safely called. | |||
| # <tt>:session</tt>:: | |||
| # a single key or an array of keys that must be in the <tt>session</tt> | |||
| # in order for the action(s) to be safely called. | |||
| # <tt>:flash</tt>:: | |||
| # a single key or an array of keys that must be in the flash in order | |||
| # for the action(s) to be safely called. | |||
| # <tt>:method</tt>:: | |||
| # a single key or an array of keys--any one of which must match the | |||
| # current request method in order for the action(s) to be safely called. | |||
| # (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for | |||
| # example.) | |||
| # <tt>:xhr</tt>:: | |||
| # true/false option to ensure that the request is coming from an Ajax | |||
| # call or not. | |||
| # <tt>:add_flash</tt>:: | |||
| # a hash of name/value pairs that should be merged into the session's | |||
| # flash if the prerequisites cannot be satisfied. | |||
| # <tt>:add_headers</tt>:: | |||
| # a hash of name/value pairs that should be merged into the response's | |||
| # headers hash if the prerequisites cannot be satisfied. | |||
| # <tt>:redirect_to</tt>:: | |||
| # the redirection parameters to be used when redirecting if the | |||
| # prerequisites cannot be satisfied. You can redirect either to named | |||
| # route or to the action in some controller. | |||
| # <tt>:render</tt>:: | |||
| # the render parameters to be used when the prerequisites cannot be satisfied. | |||
| # <tt>:only</tt>:: | |||
| # only apply this verification to the actions specified in the associated | |||
| # array (may also be a single value). | |||
| # <tt>:except</tt>:: | |||
| # do not apply this verification to the actions specified in the associated | |||
| # array (may also be a single value). | |||
| def verify(options={}) | |||
| before_filter :only => options[:only], :except => options[:except] do | |||
| verify_action options | |||
| end | |||
| end | |||
| end | |||
|
|
|||
| private | |||
|
|
|||
| def verify_action(options) #:nodoc: | |||
| if prereqs_invalid?(options) | |||
| flash.update(options[:add_flash]) if options[:add_flash] | |||
| response.headers.merge!(options[:add_headers]) if options[:add_headers] | |||
| apply_remaining_actions(options) unless performed? | |||
| end | |||
| end | |||
|
|
|||
| def prereqs_invalid?(options) # :nodoc: | |||
| verify_presence_of_keys_in_hash_flash_or_params(options) || | |||
| verify_method(options) || | |||
| verify_request_xhr_status(options) | |||
| end | |||
|
|
|||
| def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc: | |||
| [*options[:params] ].find { |v| v && params[v.to_sym].nil? } || | |||
| [*options[:session]].find { |v| session[v].nil? } || | |||
| [*options[:flash] ].find { |v| flash[v].nil? } | |||
| end | |||
|
|
|||
| def verify_method(options) # :nodoc: | |||
| [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method] | |||
| end | |||
|
|
|||
| def verify_request_xhr_status(options) # :nodoc: | |||
| request.xhr? != options[:xhr] unless options[:xhr].nil? | |||
| end | |||
|
|
|||
| def apply_redirect_to(redirect_to_option) # :nodoc: | |||
| (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.__send__(redirect_to_option) : redirect_to_option | |||
| end | |||
|
|
|||
| def apply_remaining_actions(options) # :nodoc: | |||
| case | |||
| when options[:render] ; render(options[:render]) | |||
| when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to])) | |||
| else head(:bad_request) | |||
| end | |||
| end | |||
| end | |||
| end | |||
|
|
|||
| ActionController::Base.send :include, ActionController::Verification | |||
Oops, something went wrong.