From 00121b2ca2f795d16b54295cb9fc0fdcbbe50dd8 Mon Sep 17 00:00:00 2001 From: David Heinemeier Hansson Date: Sat, 2 Apr 2005 08:33:30 +0000 Subject: Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1060 5ecf4fe2-1ee6-0310-87b1-e25e094e27de --- actionpack/CHANGELOG | 2 ++ actionpack/lib/action_controller/verification.rb | 17 +++++++++++++---- actionpack/test/controller/verification_test.rb | 21 +++++++++++++++++++++ 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG index c3dc91fd38..de5543289b 100644 --- a/actionpack/CHANGELOG +++ b/actionpack/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Added :method option to verify for ensuring that either GET, POST, etc is allowed #984 [Jamis Buck] + * Added options to set cc, bcc, subject, and body for UrlHelper#mail_to #966 [DeLynn] * Fixed include_blank for select_hour/minute/second #527 [edward@debian.org] diff --git a/actionpack/lib/action_controller/verification.rb b/actionpack/lib/action_controller/verification.rb index db3ea39168..b0f5236adf 100644 --- a/actionpack/lib/action_controller/verification.rb +++ b/actionpack/lib/action_controller/verification.rb 
@@ -44,14 +44,18 @@ module ActionController #:nodoc: # be in the @session in order for the action(s) to be safely called. # * :flash: a single key or an array of keys that must # be in the flash in order for the action(s) to be safely called. + # * :method: a single key or an array of keys--any one of which + # must match the current request method in order for the action(s) to + # be safely called. (The key should be a symbol: :get or + # :post, for example.) # * :add_flash: a hash of name/value pairs that should be merged # into the session's flash if the prerequisites cannot be satisfied. # * :redirect_to: the redirection parameters to be used when # redirecting if the prerequisites cannot be satisfied. - # * :only: only apply this verification to the actions specified in - # the associated array (may also be a single value). - # * :except: do not apply this verification to the actions specified in - # the associated array (may also be a single value). + # * :only: only apply this verification to the actions specified + # in the associated array (may also be a single value). + # * :except: do not apply this verification to the actions + # specified in the associated array (may also be a single value). def verify(options={}) filter_opts = { :only => options[:only], :except => options[:except] } before_filter(filter_opts) do |c| @@ -65,6 +69,11 @@ module ActionController #:nodoc: [*options[:params] ].find { |v| @params[v].nil? } || [*options[:session]].find { |v| @session[v].nil? } || [*options[:flash] ].find { |v| flash[v].nil? } + + if !prereqs_invalid && options[:method] + prereqs_invalid ||= + [*options[:method]].all? { |v| @request.method != v.to_sym } + end if prereqs_invalid flash.update(options[:add_flash]) if options[:add_flash] diff --git a/actionpack/test/controller/verification_test.rb b/actionpack/test/controller/verification_test.rb index 07dc73eb1c..3b547885c1 100644 --- a/actionpack/test/controller/verification_test.rb 
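Review bot: The new `:method` entry in the comment above `verify` reuses "a single key or an array of keys" from the `:params`/`:session`/`:flash` entries, but here the values are request-method names, not keys looked up in a hash. I would word it as `# * :method: a single request method or an array of them (symbols such as :get or :post); the current request must use one of them.` It is also worth saying that the comparison is exact: the later hunk compares `@request.method` with `v.to_sym`, and judging by the test that expects `post`, a value such as `"POST"` would never match. The comment block starts above this hunk, so the neighbouring entries are only partly visible.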
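Review bot: The method check added in the second verification.rb hunk is harder to read than it needs to be: `prereqs_invalid ||=` sits inside `if !prereqs_invalid`, so the `||=` can never short-circuit, and `all? { ... != ... }` expresses a membership test as a double negative. `prereqs_invalid = ![*options[:method]].any? { |v| @request.method == v.to_sym }` says the same thing directly. If this option is meant to keep state-changing actions from being reached by GET, consider normalising case too (`v.to_s.downcase.to_sym`); as written a mis-cased value appears to fail closed, which is safe but leaves the action unreachable with no hint as to why. The block passed to `before_filter` starts and ends outside the hunk.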
+++ b/actionpack/test/controller/verification_test.rb @@ -18,6 +18,9 @@ class VerificationTest < Test::Unit::TestCase verify :only => [:multi_one, :multi_two], :session => %w( one two ), :redirect_to => { :action => "unguarded" } + verify :only => :guarded_by_method, :method => :post, + :redirect_to => { :action => "unguarded" } + def guarded_one render_text "#{@params["one"]}" end @@ -42,9 +45,15 @@ class VerificationTest < Test::Unit::TestCase render_text "#{@session["two"]}:#{@session["one"]}" end + def guarded_by_method + render_text "#{@request.method}" + end + def unguarded render_text "#{@params["one"]}" end + + def rescue_action(e) raise end end def setup @@ -134,4 +143,16 @@ class VerificationTest < Test::Unit::TestCase process "multi_two" assert_redirected_to :action => "unguarded" end + + def test_guarded_by_method_with_prereqs + @request.env["REQUEST_METHOD"] = "POST" + process "guarded_by_method" + assert_equal "post", @response.body + end + + def test_guarded_by_method_without_prereqs + @request.env["REQUEST_METHOD"] = "GET" + process "guarded_by_method" + assert_redirected_to :action => "unguarded" + end end -- cgit v1.2.3
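Review bot: The tests added at the end of verification_test.rb exercise only a single symbol (`:method => :post`), so the array form and the `to_sym` conversion introduced in verification.rb are never run. A second guarded action declared with `:method => [:get, :post]` or `:method => "post"`, together with a request that uses a method outside the list and asserts the redirect, would cover both. One case combining `:method` with `:params` or `:session` would also help, because the method check is skipped when an earlier prerequisite has already failed (`if !prereqs_invalid && options[:method]`).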