openproject/lib/plugins/verification

This module provides a class-level method for specifying that certain
actions are guarded against being called without certain prerequisites
being met. This is essentially a special kind of before_filter.

An action may be guarded against being invoked without certain request
parameters being set, or without certain session values existing.

When a verification is violated, values may be inserted into the flash, and
a specified redirection is triggered. If no specific action is configured,
verification failures will by default result in a 400 Bad Request response.

Usage:

  class GlobalController < ActionController::Base
    # Prevent the #update_settings action from being invoked unless
    # the 'admin_privileges' request parameter exists. The
    # settings action will be redirected to in current controller
    # if verification fails.
    verify :params => "admin_privileges", :only => :update_post,
           :redirect_to => { :action => "settings" }

    # Disallow a post from being updated if there was no information
    # submitted with the post, and if there is no active post in the
    # session, and if there is no "note" key in the flash. The route
    # named category_url will be redirected to if verification fails.

    verify :params => "post", :session => "post", "flash" => "note",
           :only => :update_post,
           :add_flash => { "alert" => "Failed to create your message" },
           :redirect_to => :category_url

Note that these prerequisites are not business rules. They do not examine
the content of the session or the parameters. That level of validation should
be encapsulated by your domain model or helper methods in the controller.