On the topic of "pluginizing" code, how does everyone feel about removing verification from ActionController. Guarding against or only allowing a certain method should be handled in routing (Hopefully done RESTfully). http://dev.rubyonrails.org/ticket/9517 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
I kinda like "verify". Guess it should stay in core. On 9/10/07, Josh Peek <joshpeek@gmail.com> wrote:> > On the topic of "pluginizing" code, how does everyone feel about > removing verification from ActionController. Guarding against or only > allowing a certain method should be handled in routing (Hopefully done > RESTfully). > > http://dev.rubyonrails.org/ticket/9517 > > > > >-- Cheers! - Pratik http://m.onkey.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
Just wondering how you are still using? On Sep 9, 10:13 pm, Pratik <pratikn...@gmail.com> wrote:> I kinda like "verify". Guess it should stay in core. > > On 9/10/07, Josh Peek <joshp...@gmail.com> wrote: > > > > > On the topic of "pluginizing" code, how does everyone feel about > > removing verification from ActionController. Guarding against or only > > allowing a certain method should be handled in routing (Hopefully done > > RESTfully). > > >http://dev.rubyonrails.org/ticket/9517 > > -- > Cheers! > - Pratikhttp://m.onkey.org--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
On 9/9/07, Josh Peek <joshpeek@gmail.com> wrote:> > Just wondering how you are still using?REST style controllers aren''t a requirement in Rails. If REST becomes mandatory, I can see where Verifications aren''t necessary anymore though. -- Rick Olson http://lighthouseapp.com http://weblog.techno-weenie.net http://mephistoblog.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
You can still do map.connect ''users/create'', :controller => ''users'', :action => ''create'', :requirements => { :method => :post } instead of verify :only => :create, :method => :post On Sep 9, 10:22 pm, "Rick Olson" <technowee...@gmail.com> wrote:> On 9/9/07, Josh Peek <joshp...@gmail.com> wrote: > > > > > Just wondering how you are still using? > > REST style controllers aren''t a requirement in Rails. If REST becomes > mandatory, I can see where Verifications aren''t necessary anymore > though. > > -- > Rick Olsonhttp://lighthouseapp.comhttp://weblog.techno-weenie.nethttp://mephistoblog.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Koziarski
2007-Sep-10 04:48 UTC
Re: Turn ActionController::Verification into a plugin
> verify :only => :create, :method => :postAll verify does is generate a before filter, it seems to confuse the heck out of new users too. Just watch people trying to debug a ''GET /foo/destroy/1'' error. Is there anyone here using verification in anger? How are you using it? -- Cheers Koz --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
> Is there anyone here using verification in anger? How are you using it?Here''s one example: class AmnesiaController < ApplicationController verify :method => :post, :only => [ :send_password, :send_account_holder_user_name ] This is from Highrise. There are still controllers that doesn''t necessarily makes sense as REST, but still needs to have protection against bad verbs being applied. We also use verifiy in Basecamp to guard against a request having the right parameters. So I''d say it still has real use and shouldn''t be pluginized. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
Michael Koziarski
2007-Sep-10 23:53 UTC
Re: Turn ActionController::Verification into a plugin
> Here''s one example: > > class AmnesiaController < ApplicationController > verify :method => :post, :only => > [ :send_password, :send_account_holder_user_name ] > > This is from Highrise. There are still controllers that doesn''t > necessarily makes sense as REST, but still needs to have protection > against bad verbs being applied. > > We also use verifiy in Basecamp to guard against a request having the > right parameters. > > So I''d say it still has real use and shouldn''t be pluginized.Interestingly every example people have cited is only using :method. Not: verify :params => "post", :session => "post", "flash" => "note", :only => :update_post, :add_flash => { "alert" => "Failed to create your message" }, :redirect_to => :category_url etc. Perhaps the crazy stuff can be pluginized at some later date... -- Cheers Koz --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---