OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
openproject/lib_static/plugins/verification
Christophe Bliard 48a4f1b6ad
lint with rubocop --autocorrect (safe cops only)
3 years ago
..
lib/action_controller lint with rubocop --autocorrect (safe cops only) 3 years ago
MIT-LICENSE introduce lib_static 3 years ago
README introduce lib_static 3 years ago
Rakefile introduce lib_static 3 years ago
init.rb introduce lib_static 3 years ago

README

This module provides a class-level method for specifying that certain
actions are guarded against being called without certain prerequisites
being met. This is essentially a special kind of before_filter.

An action may be guarded against being invoked without certain request
parameters being set, or without certain session values existing.

When a verification is violated, values may be inserted into the flash, and
a specified redirection is triggered. If no specific action is configured,
verification failures will by default result in a 400 Bad Request response.

Usage:

class GlobalController < ActionController::Base
# Prevent the #update_settings action from being invoked unless
# the 'admin_privileges' request parameter exists. The
# settings action will be redirected to in current controller
# if verification fails.
verify :params => "admin_privileges", :only => :update_post,
:redirect_to => { :action => "settings" }

# Disallow a post from being updated if there was no information
# submitted with the post, and if there is no active post in the
# session, and if there is no "note" key in the flash. The route
# named category_url will be redirected to if verification fails.

verify :params => "post", :session => "post", "flash" => "note",
:only => :update_post,
:add_flash => { "alert" => "Failed to create your message" },
:redirect_to => :category_url

Note that these prerequisites are not business rules. They do not examine
the content of the session or the parameters. That level of validation should
be encapsulated by your domain model or helper methods in the controller.