<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Module: ActionController::Verification::ClassMethods</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href="../../.././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[
function popupCode( url ) {
window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}
function toggleCode( id ) {
if ( document.getElementById )
elem = document.getElementById( id );
else if ( document.all )
elem = eval( "document.all." + id );
else
return false;
elemStyle = elem.style;
if ( elemStyle.display != "block" ) {
elemStyle.display = "block"
} else {
elemStyle.display = "none"
}
return true;
}
// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
// ]]>
</script>
</head>
<body>
<div id="classHeader">
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Module</strong></td>
<td class="class-name-in-header">ActionController::Verification::ClassMethods</td>
</tr>
<tr class="top-aligned-row">
<td><strong>In:</strong></td>
<td>
<a href="../../../files/lib/action_controller/verification_rb.html">
lib/action_controller/verification.rb
</a>
<br />
</td>
</tr>
</table>
</div>
<!-- banner header -->
<div id="bodyContent">
<div id="contextContent">
<div id="description">
<p>
This module provides a class-level method for specifying that certain
actions are guarded against being called without certain prerequisites
being met. This is essentially a special kind of before_filter.
</p>
<p>
An action may be guarded against being invoked without certain request
parameters being set, or without certain session values existing.
</p>
<p>
When a verification is violated, values may be inserted into the flash, and
a specified redirection is triggered. If no specific action is configured,
verification failures will by default result in a 400 Bad <a
href="../Request.html">Request</a> response.
</p>
<p>
Usage:
</p>
<pre>
class GlobalController < ActionController::Base
# Prevent the #update_settings action from being invoked unless
# the 'admin_privileges' request parameter exists. The
# settings action will be redirected to in current controller
# if verification fails.
verify :params => "admin_privileges", :only => :update_post,
:redirect_to => { :action => "settings" }
# Disallow a post from being updated if there was no information
# submitted with the post, and if there is no active post in the
# session, and if there is no "note" key in the flash. The route
# named category_url will be redirected to if verification fails.
verify :params => "post", :session => "post", "flash" => "note",
:only => :update_post,
:add_flash => { "alert" => "Failed to create your message" },
:redirect_to => :category_url
</pre>
<p>
Note that these prerequisites are not business rules. They do not examine
the content of the session or the parameters. That level of validation
should be encapsulated by your domain model or helper methods in the
controller.
</p>
</div>
</div>
<div id="method-list">
<h3 class="section-bar">Methods</h3>
<div class="name-list">
<a href="#M000227">verify</a>
</div>
</div>
</div>
<!-- if includes -->
<div id="section">
<!-- if method_list -->
<div id="methods">
<h3 class="section-bar">Public Instance methods</h3>
<div id="method-M000227" class="method-detail">
<a name="M000227"></a>
<div class="method-heading">
<a href="ClassMethods.src/M000227.html" target="Code" class="method-signature"
onclick="popupCode('ClassMethods.src/M000227.html');return false;">
<span class="method-name">verify</span><span class="method-args">(options={})</span>
</a>
</div>
<div class="method-description">
<p>
Verify the given actions so that if certain prerequisites are not met, the
user is redirected to a different action. The <tt>options</tt> parameter is
a hash consisting of the following key/value pairs:
</p>
<table>
<tr><td valign="top"><tt>:params</tt>:</td><td>a single key or an array of keys that must be in the <tt>params</tt> hash
in order for the action(s) to be safely called.
</td></tr>
<tr><td valign="top"><tt>:session</tt>:</td><td>a single key or an array of keys that must be in the <tt>session</tt> in
order for the action(s) to be safely called.
</td></tr>
<tr><td valign="top"><tt>:flash</tt>:</td><td>a single key or an array of keys that must be in the flash in order for the
action(s) to be safely called.
</td></tr>
<tr><td valign="top"><tt>:method</tt>:</td><td>a single key or an array of keys—any one of which must match the
current request method in order for the action(s) to be safely called. (The
key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for example.)
</td></tr>
<tr><td valign="top"><tt>:xhr</tt>:</td><td>true/false option to ensure that the request is coming from an Ajax call or
not.
</td></tr>
<tr><td valign="top"><tt>:add_flash</tt>:</td><td>a hash of name/value pairs that should be merged into the session‘s
flash if the prerequisites cannot be satisfied.
</td></tr>
<tr><td valign="top"><tt>:add_headers</tt>:</td><td>a hash of name/value pairs that should be merged into the response‘s
headers hash if the prerequisites cannot be satisfied.
</td></tr>
<tr><td valign="top"><tt>:redirect_to</tt>:</td><td>the redirection parameters to be used when redirecting if the prerequisites
cannot be satisfied. You can redirect either to named route or to the
action in some controller.
</td></tr>
<tr><td valign="top"><tt>:render</tt>:</td><td>the render parameters to be used when the prerequisites cannot be
satisfied.
</td></tr>
<tr><td valign="top"><tt>:only</tt>:</td><td>only apply this verification to the actions specified in the associated
array (may also be a single value).
</td></tr>
<tr><td valign="top"><tt>:except</tt>:</td><td>do not apply this verification to the actions specified in the associated
array (may also be a single value).
</td></tr>
</table>
</div>
</div>
</div>
</div>
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>
</body>
</html>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
8b99df826c3b6cf56a1caaae5f931d50
>
files
>
694
