Rails - Apr 2006 - Strange Problem with ActionController (I think)

I''m working through the Agile Depot example

I have no idea what I did, but when I try and delete something from the 
web page I get this error on the log.

Processing AdminController#destroy (for 127.0.0.1 at 2006-04-02 
22:28:06) [GET]
  Session ID: 4371bd7ca2cb5ec5e08e60a7590df90a
  Parameters: {"action"=>"destroy",
"id"=>"5", "controller"=>"admin"}
Redirected to http://localhost:3000/admin/list
Filter chain halted as 
[#<Proc:0x013862e0@/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.12.0/lib/action_controller/verification.rb:64>]
returned false
Completed in 0.00135 (739 reqs/sec) | DB: 0.00000 (0%) | 302 Found 
[http://localhost/admin/destroy/5]

If i go in using the console, I can perform product = Product.find(1); 
product.destroy; but using the browser, I can''t delete anything

I also tried using breakpoint in the destroy method in the 
ActionController, but it never seems to get triggered, in fact, I think 
the method itself never gets run... so i''m a little lost..


any help would be welcome !! :)

cheers

-- 
Posted via http://www.ruby-forum.com/.

oops, I realised I should have put this in:

my rhtml file has this:
<%= link_to ''Destroy'', { :action =>
''destroy'', :id => product },
	                             :confirm => "Are you sure?" %>

which results in this html on the rendered page:
<a href="/admin/destroy/5" onclick="return
confirm(''Are you
sure?'');">Destroy</a>



-- 
Posted via http://www.ruby-forum.com/.

Hi Andrew

Would you mind sharing a little code?  It might be simple.  Might not be.
Can''t tell without seeing some code.

Best regards
Bill
----- Original Message -----
From: "Andrew Gibson" <gibson_andrew@yahoo.com>
To: <rails@lists.rubyonrails.org>
Sent: 2006-04-02 9:37 PM
Subject: [Rails] Strange Problem with ActionController (I think)

> I''m working through the Agile Depot example
>
> I have no idea what I did, but when I try and delete something from the
> web page I get this error on the log.
>
> Processing AdminController#destroy (for 127.0.0.1 at 2006-04-02
> 22:28:06) [GET]
>   Session ID: 4371bd7ca2cb5ec5e08e60a7590df90a
>   Parameters: {"action"=>"destroy",
"id"=>"5", "controller"=>"admin"}
> Redirected to http://localhost:3000/admin/list
> Filter chain halted as
>
[#<Proc:0x013862e0@/usr/local/lib/ruby/gems/1.8/gems/actionpack-1.12.0/lib/a
ction_controller/verification.rb:64>]
> returned false
> Completed in 0.00135 (739 reqs/sec) | DB: 0.00000 (0%) | 302 Found
> [http://localhost/admin/destroy/5]
>
> If i go in using the console, I can perform product = Product.find(1);
> product.destroy; but using the browser, I can''t delete anything
>
> I also tried using breakpoint in the destroy method in the
> ActionController, but it never seems to get triggered, in fact, I think
> the method itself never gets run... so i''m a little lost..
>
>
> any help would be welcome !! :)
>
> cheers
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails

Andrew Gibson wrote:
> oops, I realised I should have put this in:
> 
> my rhtml file has this:
> <%= link_to ''Destroy'', { :action =>
''destroy'', :id => product },
> 	                             :confirm => "Are you sure?"
%>
> 
> which results in this html on the rendered page:
> <a href="/admin/destroy/5" onclick="return
confirm(''Are you
> sure?'');">Destroy</a>
The block in question is this:

 before_filter(filter_opts) do |c|
          c.send :verify_action, options
        end

This is guesswork, with no 1.1 app or AWDR book, but ISTR that Rails1.1 
puts a before_filter in the scaffold to ensure destroy is called with a 
:post type.  ''link_to'' will generate a :get, which now
won''t work.

Look through *your* controller for a before_filter which has something 
to do with :method => :post and :only => {:destroy....}.  Remove this 
line and (if I''m right) you should be cooking.

A.

-- 
Posted via http://www.ruby-forum.com/.

Hi Andrew,

How did you get on ?

Alan

Alan Francis wrote:
> Andrew Gibson wrote:
>> oops, I realised I should have put this in:
>> 
>> my rhtml file has this:
>> <%= link_to ''Destroy'', { :action =>
''destroy'', :id => product },
>> 	                             :confirm => "Are you sure?"
%>
>> 
>> which results in this html on the rendered page:
>> <a href="/admin/destroy/5" onclick="return
confirm(''Are you
>> sure?'');">Destroy</a>
> 
> The block in question is this:
> 
>  before_filter(filter_opts) do |c|
>           c.send :verify_action, options
>         end
> 
> This is guesswork, with no 1.1 app or AWDR book, but ISTR that Rails1.1 
> puts a before_filter in the scaffold to ensure destroy is called with a 
> :post type.  ''link_to'' will generate a :get, which now
won''t work.
> 
> Look through *your* controller for a before_filter which has something 
> to do with :method => :post and :only => {:destroy....}.  Remove this
> line and (if I''m right) you should be cooking.
> 
> A.

-- 
Posted via http://www.ruby-forum.com/.

Hi,
 Had the same problem and removed this line of code that the scaffold
autogenerated:

# GETs should be safe (see
http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
         :redirect_to => { :action => :list }

It''s fixed the problem for now, I''ll have to manually check
all my
controllers that are linked to a db table though.

Thanks Alan, saved me a lot of time.




Alan Francis wrote:
> Hi Andrew,
> 
> How did you get on ?
> 
> Alan
> 
> Alan Francis wrote:
>> Andrew Gibson wrote:
>>> oops, I realised I should have put this in:
>>> 
>>> my rhtml file has this:
>>> <%= link_to ''Destroy'', { :action =>
''destroy'', :id => product },
>>> 	                             :confirm => "Are you
sure?" %>
>>> 
>>> which results in this html on the rendered page:
>>> <a href="/admin/destroy/5" onclick="return
confirm(''Are you
>>> sure?'');">Destroy</a>
>> 
>> The block in question is this:
>> 
>>  before_filter(filter_opts) do |c|
>>           c.send :verify_action, options
>>         end
>> 
>> This is guesswork, with no 1.1 app or AWDR book, but ISTR that Rails1.1
>> puts a before_filter in the scaffold to ensure destroy is called with a
>> :post type.  ''link_to'' will generate a :get, which
now won''t work.
>> 
>> Look through *your* controller for a before_filter which has something 
>> to do with :method => :post and :only => {:destroy....}.  Remove
this
>> line and (if I''m right) you should be cooking.
>> 
>> A.
-- 
Posted via http://www.ruby-forum.com/.