Say I have a destroy action configured as the following

    map.foo '/foos/:id', :controller => 'foos', :action => 'show',
      :conditions => { :method => :get }
    map.foo '/foos/:id', :controller => 'foos', :action => 'destroy',
      :conditions => { :method => :delete }

GET on foos/:id goes to show and DELETE on foos/:id goes to destroy.
Nice and RESTful, so all good so far.

But now say I have the following default route in my routes.rb

    map.connect ':controller/:action/:id'

Now someone can explicitly type in the URL http://.../foos/destroy/123
and it will go to my destroy action in controller foos, although this
action should only be accessed by a POST/DELETE, not a GET.

Is there any way to prevent a GET on that action other than checking
within the controller itself?

    def destroy
      # send anything that is not a DELETE request back to the home page
      redirect_to(home_url) and return unless request.delete?
      # ...
    end

Thanks!
--
Posted via http://www.ruby-forum.com/.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi, I'm kind of new to rails, but I'm pretty sure it is suggested that you remove those defaults, and only create routes explicitly.

Thanks,
Brandon

> -----Original Message-----
> From: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org [mailto:rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org] On Behalf Of Rails Dude
> Sent: Sunday, March 15, 2009 12:25 PM
> To: rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
> Subject: [Rails] Question on routes and default routes

If you are going to go with a Restful design, why not just use map.resources?

It is NOT suggested that the defaults be removed like Brandond says.
It IS suggested that you use map.resources :foos, which will give you
what you want.

If you, however, want to check explicitly for the method of an
action, you can do things like:

    def some_action
      render(:text => "you shouldnt be trying this") and return unless request.post?
      # ....
      # ....
    end

On Mar 15, 9:34 pm, Bob Martens <boblmart...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> If you are going to go with a Restful design, why not just use
> map.resources?
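
An added example, not part of the original thread and not Rails' own router: a simplified Ruby model of the ordered, first-match route table discussed above, used to audit which state-changing actions a plain GET can reach with and without the catch-all route. The names Route, compile, recognize and get_reachable_unsafe are hypothetical, and the UNSAFE action list is an assumption.

```ruby
# Simplified model of Rails 2.x-style routing (illustration only): routes are
# tried top to bottom; the first whose path and :method condition match wins.
Route = Struct.new(:pattern, :defaults, :verb)

# Turn '/foos/:id' into an anchored regex plus the list of parameter names.
def compile(pattern)
  keys = []
  source = pattern.split('/').reject(&:empty?).map do |seg|
    next Regexp.escape(seg) unless seg.start_with?(':')
    keys << seg[1..-1].to_sym
    '([^/]+)'
  end.join('/')
  [Regexp.new("\\A/#{source}/?\\z"), keys]
end

# Return the params hash of the first matching route, or nil if none match.
def recognize(routes, verb, path)
  routes.each do |r|
    next if r.verb && r.verb != verb   # route restricted to another method
    regex, keys = compile(r.pattern)
    m = regex.match(path) or next
    return r.defaults.merge(Hash[keys.zip(m.captures)])
  end
  nil
end

# Assumption: actions that change state and must never be served on GET.
UNSAFE = %w[create update destroy]

# List every [controller, action] in UNSAFE that a GET request can reach.
def get_reachable_unsafe(routes, controllers)
  controllers.product(UNSAFE).select do |c, a|
    hit = recognize(routes, :get, "/#{c}/#{a}/123")
    hit && hit[:controller] == c && hit[:action] == a
  end
end

# Constructed route tables mirroring the thread: the two method-restricted
# routes, then the map.connect catch-all with no method condition.
NAMED = [
  Route.new('/foos/:id', { :controller => 'foos', :action => 'show' },    :get),
  Route.new('/foos/:id', { :controller => 'foos', :action => 'destroy' }, :delete)
]
DEFAULT = Route.new(':controller/:action/:id', {}, nil)

if __FILE__ == $0
  p get_reachable_unsafe(NAMED + [DEFAULT], ['foos'])  # catch-all present
  p get_reachable_unsafe(NAMED, ['foos'])              # catch-all removed
end
```

In this model the method conditions on the two /foos/:id routes never come into play for /foos/destroy/123, because that path only matches the unconditioned catch-all; an audit like this over a real route table shows which actions still need a request-method check in the controller.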