Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/CHANGELOG | 2 | ||||
-rw-r--r-- | actionpack/lib/action_controller/verification.rb | 17 | ||||
-rw-r--r-- | actionpack/test/controller/verification_test.rb | 21 |
3 files changed, 36 insertions, 4 deletions
diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index c3dc91fd38..de5543289b 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
+* Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck]
+
 * Added options to set cc, bcc, subject, and body for UrlHelper#mail_to #966 [DeLynn]
 * Fixed include_blank for select_hour/minute/second #527 [edward@debian.org]
diff --git a/actionpack/lib/action_controller/verification.rb b/actionpack/lib/action_controller/verification.rb
index db3ea39168..b0f5236adf 100644
--- a/actionpack/lib/action_controller/verification.rb
+++ b/actionpack/lib/action_controller/verification.rb
@@ -44,14 +44,18 @@ module ActionController #:nodoc:
 # be in the @session in order for the action(s) to be safely called.
 # * <tt>:flash</tt>: a single key or an array of keys that must
 # be in the flash in order for the action(s) to be safely called.
+ # * <tt>:method</tt>: a single key or an array of keys--any one of which
+ # must match the current request method in order for the action(s) to
+ # be safely called. (The key should be a symbol: <tt>:get</tt> or
+ # <tt>:post</tt>, for example.)
 # * <tt>:add_flash</tt>: a hash of name/value pairs that should be merged
 # into the session's flash if the prerequisites cannot be satisfied.
 # * <tt>:redirect_to</tt>: the redirection parameters to be used when
 # redirecting if the prerequisites cannot be satisfied.
- # * <tt>:only</tt>: only apply this verification to the actions specified in
- # the associated array (may also be a single value).
- # * <tt>:except</tt>: do not apply this verification to the actions specified in
- # the associated array (may also be a single value).
+ # * <tt>:only</tt>: only apply this verification to the actions specified
+ # in the associated array (may also be a single value).
+ # * <tt>:except</tt>: do not apply this verification to the actions
+ # specified in the associated array (may also be a single value).
 def verify(options={})
 filter_opts = { :only => options[:only], :except => options[:except] }
 before_filter(filter_opts) do |c|
@@ -65,6 +69,11 @@ module ActionController #:nodoc:
 [*options[:params] ].find { |v| @params[v].nil? } ||
 [*options[:session]].find { |v| @session[v].nil? } ||
 [*options[:flash] ].find { |v| flash[v].nil? }
+
+ if !prereqs_invalid && options[:method]
+ prereqs_invalid ||=
+ [*options[:method]].all? { |v| @request.method != v.to_sym }
+ end
 if prereqs_invalid
 flash.update(options[:add_flash]) if options[:add_flash]
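Review bot: The added `:method` check compares case-sensitively, so a key that is not a lower-case symbol never matches: the new test shows `@request.method` rendering as `post`, while `v.to_sym` keeps `"POST"` as `:POST`, and the guarded action would then redirect on every request. That fails closed, but it is easy to misconfigure silently; either normalise the key, `@request.method != v.to_s.downcase.to_sym`, or have the doc comment in the first hunk say that only lower-case names are accepted. Inside `if !prereqs_invalid` the `||=` is always a plain assignment, and `all? { ... != ... }` is a double negative; `prereqs_invalid = ![*options[:method]].any? { |v| @request.method == v.to_sym }` says the same thing directly. The `:method` doc entry could also note that this restricts the HTTP verb only and does not by itself establish where a request came from. The `before_filter` block starts and ends outside these hunks, so what happens when `:redirect_to` is absent cannot be checked here.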
diff --git a/actionpack/test/controller/verification_test.rb b/actionpack/test/controller/verification_test.rb index 07dc73eb1c..3b547885c1 100644 --- a/actionpack/test/controller/verification_test.rb +++ b/actionpack/test/controller/verification_test.rb @@ -18,6 +18,9 @@ class VerificationTest < Test::Unit::TestCase verify :only => [:multi_one, :multi_two], :session => %w( one two ), :redirect_to => { :action => "unguarded" } + verify :only => :guarded_by_method, :method => :post, + :redirect_to => { :action => "unguarded" } + def guarded_one render_text "#{@params["one"]}" end @@ -42,9 +45,15 @@ class VerificationTest < Test::Unit::TestCase render_text "#{@session["two"]}:#{@session["one"]}" end + def guarded_by_method + render_text "#{@request.method}" + end + def unguarded render_text "#{@params["one"]}" end + + def rescue_action(e) raise end end def setup @@ -134,4 +143,16 @@ class VerificationTest < Test::Unit::TestCase process "multi_two" assert_redirected_to :action => "unguarded" end + + def test_guarded_by_method_with_prereqs + @request.env["REQUEST_METHOD"] = "POST" + process "guarded_by_method" + assert_equal "post", @response.body + end + + def test_guarded_by_method_without_prereqs + @request.env["REQUEST_METHOD"] = "GET" + process "guarded_by_method" + assert_redirected_to :action => "unguarded" + end end |
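Review bot: The new tests cover only the single-symbol form `:method => :post`; the array form documented in verification.rb and a verb other than GET or POST are never exercised. The array branch is where a wrong quantifier (`all?` versus `any?`) would wrongly admit or reject a request, so it deserves its own accept and reject cases. A second guarded action with `:method => [:get, :post]`, requested once with a listed verb and once with an unlisted one, would pin that down; the sketch below uses constructed action and test names. `TestController` and the test class both start outside these hunks.

```ruby
# in TestController, next to the existing verify declarations
verify :only => :guarded_by_methods, :method => [:get, :post],
       :redirect_to => { :action => "unguarded" }

def guarded_by_methods
  render_text "#{@request.method}"
end

# … unchanged: existing actions and tests …

def test_guarded_by_methods_accepts_listed_verb
  @request.env["REQUEST_METHOD"] = "GET"
  process "guarded_by_methods"
  assert_equal "get", @response.body
end

def test_guarded_by_methods_rejects_unlisted_verb
  @request.env["REQUEST_METHOD"] = "PUT"
  process "guarded_by_methods"
  assert_redirected_to :action => "unguarded"
end
```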