Rails core - Sep 2007 - Turn ActionController::Verification into a plugin

On the topic of "pluginizing" code, how does everyone feel about
removing verification from ActionController. Guarding against or only
allowing a certain method should be handled in routing (Hopefully done
RESTfully).

http://dev.rubyonrails.org/ticket/9517


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

I kinda like "verify".  Guess it should stay in core.

On 9/10/07, Josh Peek <joshpeek@gmail.com> wrote:
>
> On the topic of "pluginizing" code, how does everyone feel about
> removing verification from ActionController. Guarding against or only
> allowing a certain method should be handled in routing (Hopefully done
> RESTfully).
>
> http://dev.rubyonrails.org/ticket/9517
>
>
> >
>

-- 
Cheers!
- Pratik
http://m.onkey.org

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

Just wondering how you are still using?

On Sep 9, 10:13 pm, Pratik <pratikn...@gmail.com>
wrote:
> I kinda like "verify".  Guess it should stay in core.
>
> On 9/10/07, Josh Peek <joshp...@gmail.com> wrote:
>
>
>
> > On the topic of "pluginizing" code, how does everyone feel
about
> > removing verification from ActionController. Guarding against or only
> > allowing a certain method should be handled in routing (Hopefully done
> > RESTfully).
>
> >http://dev.rubyonrails.org/ticket/9517
>
> --
> Cheers!
> - Pratikhttp://m.onkey.org

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

On 9/9/07, Josh Peek <joshpeek@gmail.com> wrote:
>
> Just wondering how you are still using?
REST style controllers aren''t a requirement in Rails.  If REST becomes
mandatory, I can see where Verifications aren''t necessary anymore
though.

-- 
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

You can still do

map.connect ''users/create'', :controller =>
''users'', :action =>
''create'', :requirements => { :method => :post }

instead of

verify :only => :create, :method => :post

On Sep 9, 10:22 pm, "Rick Olson" <technowee...@gmail.com>
wrote:
> On 9/9/07, Josh Peek <joshp...@gmail.com> wrote:
>
>
>
> > Just wondering how you are still using?
>
> REST style controllers aren''t a requirement in Rails.  If REST
becomes
> mandatory, I can see where Verifications aren''t necessary anymore
> though.
>
> --
> Rick
Olsonhttp://lighthouseapp.comhttp://weblog.techno-weenie.nethttp://mephistoblog.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

> verify :only => :create, :method => :post
All verify does is generate a before filter, it seems to confuse the
heck out of new users too.  Just watch people trying to debug a ''GET
/foo/destroy/1'' error.

Is there anyone here using verification in anger?  How are you using it?

-- 
Cheers

Koz

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

> Is there anyone here using verification in anger?  How are you using it?
Here''s one example:

class AmnesiaController < ApplicationController
  verify :method => :post, :only =>
[ :send_password, :send_account_holder_user_name ]

This is from Highrise. There are still controllers that doesn''t
necessarily makes sense as REST, but still needs to have protection
against bad verbs being applied.

We also use verifiy in Basecamp to guard against a request having the
right parameters.

So I''d say it still has real use and shouldn''t be pluginized.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---

> Here''s one example:
>
> class AmnesiaController < ApplicationController
>   verify :method => :post, :only =>
> [ :send_password, :send_account_holder_user_name ]
>
> This is from Highrise. There are still controllers that doesn''t
> necessarily makes sense as REST, but still needs to have protection
> against bad verbs being applied.
>
> We also use verifiy in Basecamp to guard against a request having the
> right parameters.
>
> So I''d say it still has real use and shouldn''t be
pluginized.
Interestingly every example people have cited is only using :method.  Not:

verify :params => "post", :session => "post",
"flash" => "note",
           :only => :update_post,
           :add_flash => { "alert" => "Failed to create
your message" },
           :redirect_to => :category_url

etc.

Perhaps the crazy stuff can be pluginized at some later date...

-- 
Cheers

Koz

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---