From f6a0f1eebfc6afda0aedac9f27b02772b72e8ca2 Mon Sep 17 00:00:00 2001 From: Neeraj Singh Date: Wed, 13 May 2009 10:41:08 -0400 Subject: [PATCH] catch the exception if params[:klass] is wrong or nil --- lib/admin_data_controller.rb | 50 ++++++++++++------------------------ 1 file changed, 16 insertions(+), 34 deletions(-) diff --git a/lib/admin_data_controller.rb b/lib/admin_data_controller.rb index 7d6084a..713cef8 100644 --- a/lib/admin_data_controller.rb +++ b/lib/admin_data_controller.rb @@ -4,7 +4,7 @@ class AdminDataController < ApplicationController before_filter :secure_it before_filter :admin_data_ensure_update_allowed, :only => [:destroy, :delete, :edit] - + before_filter :get_class_from_params, :only => [:table_structure,:quick_search,:advance_search,:list,:show,:destroy,:delete,:edit,:new,:update,:create] def migration_information @data = ActiveRecord::Base.connection.select_all('select * from schema_migrations'); @@ -12,9 +12,6 @@ def migration_information end def table_structure - - @klass = Object.const_get(params[:klass]) - @types = ActiveRecord::Base.connection.native_database_types if ActiveRecord::Base.connection.respond_to?(:pk_and_sequence_for) @@ -37,7 +34,6 @@ def table_structure spec end.compact - # find all migration keys used in this table keys = [:name, :limit, :precision, :scale, :default, :null] & column_specs.map(&:keys).flatten @@ -80,8 +76,6 @@ def table_structure def quick_search session[:admin_data_search_type] = 'quick' - @klass = Object.const_get(params[:klass]) - params[:query] = params[:query].strip if params[:query].blank? 
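Review bot: The `:only` list on the new `before_filter :get_class_from_params` must be kept in step by hand with every action that reads `@klass`; an action left out of it runs with `@klass` unset and fails on `nil`. If `index` and `migration_information` are the only actions that take no `params[:klass]` (the rest of the controller is outside this hunk, so confirm), `before_filter :get_class_from_params, :except => [:index, :migration_information]` makes the lookup the default for actions added later. The filter is declared after `secure_it`, which keeps the access check ahead of the constant lookup. A short comment such as `# must stay below secure_it` would record that the order is deliberate.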
@@ -101,16 +95,8 @@ def quick_search def advance_search - session[:admin_data_search_type] = 'advance' - begin - @klass = Object.const_get(params[:klass]) - rescue TypeError => e # in case no params[:klass] is supplied - redirect_to admin_data_path and return - rescue NameError => e # in case wrong params[:klass] is supplied - redirect_to admin_data_path and return - end - - + session[:admin_data_search_type] = 'advance' + if !params[:adv_search].blank? @records = @klass.paginate( :page => params[:page], :per_page => 25, @@ -165,7 +151,6 @@ def index def list - @klass = Object.const_get(params[:klass]) if params[:base] model= Object.const_get(params[:base]).find(params[:model_id]) has_many_proxy = model.send(params[:send].intern) @@ -183,17 +168,15 @@ def list render :file => "#{RAILS_ROOT}/vendor/plugins/admin_data/lib/views/list.html.erb" end + def show admin_data_ensure_update_allowed - - @klass = Object.const_get(params[:klass]) @model = @klass.send(:find,params[:model_id]) rescue nil render :text => "
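Review bot: In `list`, `params[:base]` is still resolved with a bare `Object.const_get` and `params[:send]` is still passed to `model.send`, so this path gets none of the handling the commit centralises for `params[:klass]`. A missing or unknown `base` raises out of the action, and the method invoked on the record is whatever name the request supplies. I would send `base` through the same checked lookup and call the association only after confirming it is declared on the model, e.g. `allowed = model.class.reflect_on_all_associations(:has_many).map { |a| a.name.to_s }` followed by `redirect_to admin_data_path and return unless allowed.include?(params[:send])`. The body of `list` continues outside the hunk.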

#{@klass_name} Not Found: #{params[:model_id]}

", :status => 404 and return if @model.nil? render :file => "#{RAILS_ROOT}/vendor/plugins/admin_data/lib/views/show.html.erb" end def destroy - @klass = Object.const_get(params[:klass]) @model = @klass.send(:find,params[:model_id]) rescue nil render :text => "

#{@klass_name} Not Found: #{params[:model_id]}

", :status => 404 and return if @model.nil? @@ -203,7 +186,6 @@ def destroy end def delete - @klass = Object.const_get(params[:klass]) @model = @klass.send(:find,params[:model_id]) rescue nil render :text => "
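Review bot: The 404 body in `show` and `destroy` interpolates `params[:model_id]` straight into `render :text`, which Rails serves as text/html by default, so the request value is reflected unescaped. The same line appears in the `delete`, `edit` and `update` hunks below. Escape it at the point of interpolation: `#{ERB::Util.html_escape(params[:model_id])}`. `@klass_name` is not assigned in any visible line, so the message probably wants `@klass.name` (confirm against the rest of the file). The trailing `rescue nil` on the `find` call hides every StandardError, not only a missing record; rescuing `ActiveRecord::RecordNotFound` in a `begin` block would keep other failures visible.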

#{@klass_name} Not Found: #{params[:model_id]}

", :status => 404 and return if @model.nil? @@ -213,20 +195,19 @@ def delete end def edit - @klass = Object.const_get(params[:klass]) @model = @klass.send(:find,params[:model_id]) rescue nil render :text => "

#{@klass_name} Not Found: #{params[:model_id]}

", :status => 404 and return if @model.nil? render :file => "#{RAILS_ROOT}/vendor/plugins/admin_data/lib/views/edit.html.erb" end + + def new - @klass = Object.const_get(params[:klass]) @model = @klass.send(:new) render :file => "#{RAILS_ROOT}/vendor/plugins/admin_data/lib/views/new.html.erb" end def update - @klass = Object.const_get(params[:klass]) @model = @klass.send(:find,params[:model_id]) rescue nil render :text => "

#{@klass_name} Not Found: #{params[:model_id]}

", :status => 404 and return if @model.nil? @@ -243,13 +224,8 @@ def update end def create - @klass = Object.const_get(params[:klass]) - - model_name_underscored = @klass.to_s.underscore - model_attrs = params[model_name_underscored] - @model = @klass.create(model_attrs) if @model.errors.any? render :file => "#{RAILS_ROOT}/vendor/plugins/admin_data/lib/views/new.html.erb" @@ -259,8 +235,6 @@ def create end end - - #------- private #------- @@ -277,7 +251,6 @@ def secure_it end end - def build_quick_search_conditions(klass,search_term) like_operator = 'LIKE' like_operator = 'ILIKE' if ActiveRecord::Base.connection.adapter_name == 'PostgreSQL' @@ -290,7 +263,6 @@ def build_quick_search_conditions(klass,search_term) end condition = attribute_conditions.join(' or ') - [condition, {:search_term => "%#{search_term.downcase}%"}] end @@ -373,5 +345,15 @@ def default_string(value) end end + def get_class_from_params + begin + @klass = Object.const_get(params[:klass]) + rescue TypeError # in case no params[:klass] is supplied + redirect_to admin_data_path + rescue NameError # in case wrong params[:klass] is supplied + redirect_to admin_data_path + end + end + end \ No newline at end of file
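Review bot: `get_class_from_params` accepts any constant that `Object.const_get` can resolve, so a `klass` naming a non-model constant passes the filter and the actions then call `find`, `paginate` or `create` on it. Add a type check after the lookup, `redirect_to admin_data_path unless @klass.is_a?(Class) && @klass < ActiveRecord::Base`, so that only ActiveRecord models reach the actions. The two rescue branches do the same thing and can become a single `rescue TypeError, NameError` on the method body, which also removes the explicit `begin`. A one-line comment noting that the redirect halts the filter chain (Rails 2 behaviour, assumed here) would explain why no `return` is needed.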