diff options
| author | David Heinemeier Hansson <david@loudthinking.com> | 2005-04-02 08:33:30 +0000 |
|---|---|---|
| committer | David Heinemeier Hansson <david@loudthinking.com> | 2005-04-02 08:33:30 +0000 |
| commit | 00121b2ca2f795d16b54295cb9fc0fdcbbe50dd8 (patch) | |
| tree | 08cac8f1215cfb0b4cc6f2a7dfd08907e861cb5e /actionpack/lib | |
| parent | aec31cd09f12fcda128582ef5bfbe25bb87db644 (diff) | |
| download | rails-00121b2ca2f795d16b54295cb9fc0fdcbbe50dd8.tar.gz rails-00121b2ca2f795d16b54295cb9fc0fdcbbe50dd8.tar.bz2 rails-00121b2ca2f795d16b54295cb9fc0fdcbbe50dd8.zip | |
Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1060 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib')
| -rw-r--r-- | actionpack/lib/action_controller/verification.rb | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/actionpack/lib/action_controller/verification.rb b/actionpack/lib/action_controller/verification.rb index db3ea39168..b0f5236adf 100644 --- a/actionpack/lib/action_controller/verification.rb +++ b/actionpack/lib/action_controller/verification.rb @@ -44,14 +44,18 @@ module ActionController #:nodoc: # be in the @session in order for the action(s) to be safely called. # * <tt>:flash</tt>: a single key or an array of keys that must # be in the flash in order for the action(s) to be safely called. + # * <tt>:method</tt>: a single key or an array of keys--any one of which + # must match the current request method in order for the action(s) to + # be safely called. (The key should be a symbol: <tt>:get</tt> or + # <tt>:post</tt>, for example.) # * <tt>:add_flash</tt>: a hash of name/value pairs that should be merged # into the session's flash if the prerequisites cannot be satisfied. # * <tt>:redirect_to</tt>: the redirection parameters to be used when # redirecting if the prerequisites cannot be satisfied. - # * <tt>:only</tt>: only apply this verification to the actions specified in - # the associated array (may also be a single value). - # * <tt>:except</tt>: do not apply this verification to the actions specified in - # the associated array (may also be a single value). + # * <tt>:only</tt>: only apply this verification to the actions specified + # in the associated array (may also be a single value). + # * <tt>:except</tt>: do not apply this verification to the actions + # specified in the associated array (may also be a single value). def verify(options={}) filter_opts = { :only => options[:only], :except => options[:except] } before_filter(filter_opts) do |c| @@ -65,6 +69,11 @@ module ActionController #:nodoc: [*options[:params] ].find { |v| @params[v].nil? } || [*options[:session]].find { |v| @session[v].nil? } || [*options[:flash] ].find { |v| flash[v].nil? } + + if !prereqs_invalid && options[:method] + prereqs_invalid ||= + [*options[:method]].all? { |v| @request.method != v.to_sym } + end if prereqs_invalid flash.update(options[:add_flash]) if options[:add_flash] |