diff options
| author | Joshua Peek <josh@joshpeek.com> | 2010-01-30 15:42:30 -0600 |
|---|---|---|
| committer | Joshua Peek <josh@joshpeek.com> | 2010-01-30 15:42:30 -0600 |
| commit | 9c2c307ee48b91177c3e1cb8831afe4f972d19eb (patch) | |
| tree | 82aadaceabadbe18546b9f62976ff385711546f9 | |
| parent | 779094a6024c762b3dfb60db7efb1d5d7f0c4ddc (diff) | |
| download | rails-9c2c307ee48b91177c3e1cb8831afe4f972d19eb.tar.gz rails-9c2c307ee48b91177c3e1cb8831afe4f972d19eb.tar.bz2 rails-9c2c307ee48b91177c3e1cb8831afe4f972d19eb.zip | |
Move form_remote_tag and remote_form_for into prototype_legacy_helper
| -rw-r--r-- | actionpack/lib/action_view/helpers/prototype_helper.rb | 109 | ||||
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 45 | ||||
| -rw-r--r-- | actionpack/test/template/form_helper_test.rb | 29 | ||||
| -rw-r--r-- | actionpack/test/template/prototype_helper_test.rb | 100 |
4 files changed, 18 insertions, 265 deletions
diff --git a/actionpack/lib/action_view/helpers/prototype_helper.rb b/actionpack/lib/action_view/helpers/prototype_helper.rb index 818412c345..1fa2fed460 100644 --- a/actionpack/lib/action_view/helpers/prototype_helper.rb +++ b/actionpack/lib/action_view/helpers/prototype_helper.rb @@ -102,115 +102,6 @@ module ActionView :form, :with, :update, :script, :type ]).merge(CALLBACKS) end - # Returns a form tag that will submit using XMLHttpRequest in the - # background instead of the regular reloading POST arrangement. Even - # though it's using JavaScript to serialize the form elements, the form - # submission will work just like a regular submission as viewed by the - # receiving side (all elements available in <tt>params</tt>). The options for - # specifying the target with <tt>:url</tt> and defining callbacks is the same as - # +link_to_remote+. - # - # A "fall-through" target for browsers that doesn't do JavaScript can be - # specified with the <tt>:action</tt>/<tt>:method</tt> options on <tt>:html</tt>. - # - # Example: - # # Generates: - # # <form action="/some/place" method="post" onsubmit="new Ajax.Request('', - # # {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;"> - # form_remote_tag :html => { :action => - # url_for(:controller => "some", :action => "place") } - # - # The Hash passed to the <tt>:html</tt> key is equivalent to the options (2nd) - # argument in the FormTagHelper.form_tag method. - # - # By default the fall-through action is the same as the one specified in - # the <tt>:url</tt> (and the default method is <tt>:post</tt>). - # - # form_remote_tag also takes a block, like form_tag: - # # Generates: - # # <form action="/" method="post" onsubmit="new Ajax.Request('/', - # # {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); - # # return false;"> <div><input name="commit" type="submit" value="Save" /></div> - # # </form> - # <% form_remote_tag :url => '/posts' do -%> - # <div><%= submit_tag 'Save' %></div> - # <% end -%> - def form_remote_tag(options = {}, &block) - options[:form] = true - - options[:html] ||= {} - options[:html][:onsubmit] = - (options[:html][:onsubmit] ? options[:html][:onsubmit] + "; " : "") + - "#{remote_function(options)}; return false;" - - form_tag(options[:html].delete(:action) || url_for(options[:url]), options[:html], &block) - end - - # Creates a form that will submit using XMLHttpRequest in the background - # instead of the regular reloading POST arrangement and a scope around a - # specific resource that is used as a base for questioning about - # values for the fields. - # - # === Resource - # - # Example: - # <% remote_form_for(@post) do |f| %> - # ... - # <% end %> - # - # This will expand to be the same as: - # - # <% remote_form_for :post, @post, :url => post_path(@post), :html => { :method => :put, :class => "edit_post", :id => "edit_post_45" } do |f| %> - # ... - # <% end %> - # - # === Nested Resource - # - # Example: - # <% remote_form_for([@post, @comment]) do |f| %> - # ... - # <% end %> - # - # This will expand to be the same as: - # - # <% remote_form_for :comment, @comment, :url => post_comment_path(@post, @comment), :html => { :method => :put, :class => "edit_comment", :id => "edit_comment_45" } do |f| %> - # ... - # <% end %> - # - # If you don't need to attach a form to a resource, then check out form_remote_tag. - # - # See FormHelper#form_for for additional semantics. - def remote_form_for(record_or_name_or_array, *args, &proc) - options = args.extract_options! - - case record_or_name_or_array - when String, Symbol - object_name = record_or_name_or_array - when Array - object = record_or_name_or_array.last - object_name = ActionController::RecordIdentifier.singular_class_name(object) - apply_form_for_options!(record_or_name_or_array, options) - args.unshift object - else - object = record_or_name_or_array - object_name = ActionController::RecordIdentifier.singular_class_name(record_or_name_or_array) - apply_form_for_options!(object, options) - args.unshift object - end - - concat(form_remote_tag(options)) - fields_for(object_name, *(args << options), &proc) - concat('</form>'.html_safe!) - end - alias_method :form_remote_for, :remote_form_for - - # Returns '<tt>eval(request.responseText)</tt>' which is the JavaScript function - # that +form_remote_tag+ can call in <tt>:complete</tt> to evaluate a multiple - # update return document using +update_element_function+ calls. - def evaluate_remote_response - "eval(request.responseText)" - end - # Returns the JavaScript needed for a remote function. # Takes the same arguments as link_to_remote. # diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 09003adf73..b2a0e2e2a3 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -6,14 +6,10 @@ module RequestForgeryProtectionActions def index render :inline => "<%= form_tag('/') {} %>" end - + def show_button render :inline => "<%= button_to('New', '/') {} %>" end - - def remote_form - render :inline => "<% form_remote_tag(:url => '/') {} %>" - end def unsafe render :text => 'pwn' @@ -30,11 +26,11 @@ end class FreeCookieController < RequestForgeryProtectionController self.allow_forgery_protection = false - + def index render :inline => "<%= form_tag('/') {} %>" end - + def show_button render :inline => "<%= button_to('New', '/') {} %>" end @@ -65,11 +61,6 @@ module RequestForgeryProtectionTests assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token end - def test_should_render_remote_form_with_only_one_token_parameter - get :remote_form - assert_equal 1, @response.body.scan(@token).size - end - def test_should_allow_get get :index assert_response :success @@ -84,12 +75,12 @@ module RequestForgeryProtectionTests @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s assert_raise(ActionController::InvalidAuthenticityToken) { post :index, :format => :html } end - + def test_should_not_allow_html_put_without_token @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s assert_raise(ActionController::InvalidAuthenticityToken) { put :index, :format => :html } end - + def test_should_not_allow_html_delete_without_token @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s assert_raise(ActionController::InvalidAuthenticityToken) { delete :index, :format => :html } @@ -154,51 +145,51 @@ module RequestForgeryProtectionTests delete :index, :format => 'xml' end end - + def test_should_allow_xhr_post_without_token assert_nothing_raised { xhr :post, :index } end - + def test_should_allow_xhr_put_without_token assert_nothing_raised { xhr :put, :index } end - + def test_should_allow_xhr_delete_without_token assert_nothing_raised { xhr :delete, :index } end - + def test_should_allow_xhr_post_with_encoded_form_content_type_without_token @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s assert_nothing_raised { xhr :post, :index } end - + def test_should_allow_post_with_token post :index, :authenticity_token => @token assert_response :success end - + def test_should_allow_put_with_token put :index, :authenticity_token => @token assert_response :success end - + def test_should_allow_delete_with_token delete :index, :authenticity_token => @token assert_response :success end - + def test_should_allow_post_with_xml @request.env['CONTENT_TYPE'] = Mime::XML.to_s post :index, :format => 'xml' assert_response :success end - + def test_should_allow_put_with_xml @request.env['CONTENT_TYPE'] = Mime::XML.to_s put :index, :format => 'xml' assert_response :success end - + def test_should_allow_delete_with_xml @request.env['CONTENT_TYPE'] = Mime::XML.to_s delete :index, :format => 'xml' @@ -231,17 +222,17 @@ class FreeCookieControllerTest < ActionController::TestCase ActiveSupport::SecureRandom.stubs(:base64).returns(@token) end - + def test_should_not_render_form_with_token_tag get :index assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false end - + def test_should_not_render_button_to_with_token_tag get :show_button assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false end - + def test_should_allow_all_methods_without_token [:post, :put, :delete].each do |method| assert_nothing_raised { send(method, :index)} diff --git a/actionpack/test/template/form_helper_test.rb b/actionpack/test/template/form_helper_test.rb index 0c5c5d17ee..c97343fbe5 100644 --- a/actionpack/test/template/form_helper_test.rb +++ b/actionpack/test/template/form_helper_test.rb @@ -1230,26 +1230,6 @@ class FormHelperTest < ActionView::TestCase end - # Perhaps this test should be moved to prototype helper tests. - def test_remote_form_for_with_labelled_builder - self.extend ActionView::Helpers::PrototypeHelper - - remote_form_for(:post, @post, :builder => LabelledFormBuilder) do |f| - concat f.text_field(:title) - concat f.text_area(:body) - concat f.check_box(:secret) - end - - expected = - %(<form action="http://www.example.com" onsubmit="new Ajax.Request('http://www.example.com', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" method="post">) + - "<label for='title'>Title:</label> <input name='post[title]' size='30' type='text' id='post_title' value='Hello World' /><br/>" + - "<label for='body'>Body:</label> <textarea name='post[body]' id='post_body' rows='20' cols='40'>Back to the hill and over it again!</textarea><br/>" + - "<label for='secret'>Secret:</label> <input name='post[secret]' type='hidden' value='0' /><input name='post[secret]' checked='checked' type='checkbox' id='post_secret' value='1' /><br/>" + - "</form>" - - assert_dom_equal expected, output_buffer - end - def test_fields_for_with_labelled_builder fields_for(:post, @post, :builder => LabelledFormBuilder) do |f| concat f.text_field(:title) @@ -1396,15 +1376,6 @@ class FormHelperTest < ActionView::TestCase assert_equal expected, output_buffer end - def test_remote_form_for_with_html_options_adds_options_to_form_tag - self.extend ActionView::Helpers::PrototypeHelper - - remote_form_for(:post, @post, :html => {:id => 'some_form', :class => 'some_class'}) do |f| end - expected = "<form action=\"http://www.example.com\" class=\"some_class\" id=\"some_form\" method=\"post\" onsubmit=\"new Ajax.Request('http://www.example.com', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\"></form>" - - assert_dom_equal expected, output_buffer - end - protected def comments_path(post) "/posts/#{post.id}/comments" diff --git a/actionpack/test/template/prototype_helper_test.rb b/actionpack/test/template/prototype_helper_test.rb index 51a03d25a4..d95bdc2b90 100644 --- a/actionpack/test/template/prototype_helper_test.rb +++ b/actionpack/test/template/prototype_helper_test.rb @@ -82,106 +82,6 @@ class PrototypeHelperTest < PrototypeHelperBaseTest super end - def test_form_remote_tag - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }) - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">), - form_remote_tag(:update => { :success => "glass_of_beer" }, :url => { :action => :fast }) - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({failure:'glass_of_water'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">), - form_remote_tag(:update => { :failure => "glass_of_water" }, :url => { :action => :fast }) - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer',failure:'glass_of_water'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">), - form_remote_tag(:update => { :success => 'glass_of_beer', :failure => "glass_of_water" }, :url => { :action => :fast }) - end - - def test_form_remote_tag_with_method - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\"><div style='margin:0;padding:0;display:inline'><input name='_method' type='hidden' value='put' /></div>), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, :html => { :method => :put }) - end - - def test_form_remote_tag_with_block_in_erb - __in_erb_template = '' - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }) { concat "Hello world!" } - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;\">Hello world!</form>), output_buffer - end - - def test_remote_form_for_with_record_identification_with_new_record - remote_form_for(@record, {:html => { :id => 'create-author' }}) {} - - expected = %(<form action='#{authors_path}' onsubmit="new Ajax.Request('#{authors_path}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='new_author' id='create-author' method='post'></form>) - assert_dom_equal expected, output_buffer - end - - def test_remote_form_for_with_record_identification_without_html_options - remote_form_for(@record) {} - - expected = %(<form action='#{authors_path}' onsubmit="new Ajax.Request('#{authors_path}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='new_author' method='post' id='new_author'></form>) - assert_dom_equal expected, output_buffer - end - - def test_remote_form_for_with_record_identification_with_existing_record - @record.save - remote_form_for(@record) {} - - expected = %(<form action='#{author_path(@record)}' id='edit_author_1' method='post' onsubmit="new Ajax.Request('#{author_path(@record)}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='edit_author'><div style='margin:0;padding:0;display:inline'><input name='_method' type='hidden' value='put' /></div></form>) - assert_dom_equal expected, output_buffer - end - - def test_remote_form_for_with_new_object_in_list - remote_form_for([@author, @article]) {} - - expected = %(<form action='#{author_articles_path(@author)}' onsubmit="new Ajax.Request('#{author_articles_path(@author)}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='new_article' method='post' id='new_article'></form>) - assert_dom_equal expected, output_buffer - end - - def test_remote_form_for_with_existing_object_in_list - @author.save - @article.save - remote_form_for([@author, @article]) {} - - expected = %(<form action='#{author_article_path(@author, @article)}' id='edit_article_1' method='post' onsubmit="new Ajax.Request('#{author_article_path(@author, @article)}', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;" class='edit_article'><div style='margin:0;padding:0;display:inline'><input name='_method' type='hidden' value='put' /></div></form>) - assert_dom_equal expected, output_buffer - end - - def test_on_callbacks - callbacks = [:uninitialized, :loading, :loaded, :interactive, :complete, :success, :failure] - callbacks.each do |callback| - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();") - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => { :success => "glass_of_beer" }, :url => { :action => :fast }, callback=>"monkeys();") - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({failure:'glass_of_beer'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => { :failure => "glass_of_beer" }, :url => { :action => :fast }, callback=>"monkeys();") - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater({success:'glass_of_beer',failure:'glass_of_water'}, 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => { :success => "glass_of_beer", :failure => "glass_of_water" }, :url => { :action => :fast }, callback=>"monkeys();") - end - - #HTTP status codes 200 up to 599 have callbacks - #these should work - 100.upto(599) do |callback| - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on#{callback.to_s.capitalize}:function(request){monkeys();}, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();") - end - - #test 200 and 404 - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on200:function(request){monkeys();}, on404:function(request){bananas();}, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, 200=>"monkeys();", 404=>"bananas();") - - #these shouldn't - 1.upto(99) do |callback| - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();") - end - 600.upto(999) do |callback| - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, callback=>"monkeys();") - end - - #test ultimate combo - assert_dom_equal %(<form action=\"http://www.example.com/fast\" method=\"post\" onsubmit=\"new Ajax.Updater('glass_of_beer', 'http://www.example.com/fast', {asynchronous:true, evalScripts:true, on200:function(request){monkeys();}, on404:function(request){bananas();}, onComplete:function(request){c();}, onFailure:function(request){f();}, onLoading:function(request){c1()}, onSuccess:function(request){s()}, parameters:Form.serialize(this)}); return false;\">), - form_remote_tag(:update => "glass_of_beer", :url => { :action => :fast }, :loading => "c1()", :success => "s()", :failure => "f();", :complete => "c();", 200=>"monkeys();", 404=>"bananas();") - - end - def test_update_page old_output_buffer = output_buffer |