Module: Mack::Utils::ForgeryDetector::ClassMethods
Defined in: lib/mack/utils/forgery_detector.rb
Instance Method Summary
- #disable_forgery_detector(options = {}) ⇒ Object
  By default, the framework validates every incoming HTTP request other than GET by checking a secret token stored as a hidden field in the posted form.
- #ignored_actions ⇒ Object
  :nodoc:
Instance Method Details
#disable_forgery_detector(options = {}) ⇒ Object
By default, the framework validates every incoming HTTP request other than GET by checking a secret token stored as a hidden field in the posted form.
There are 2 ways of disabling this feature:
- Globally, by setting mack::disable_forgery_detector to true in app_config.
- In a controller, by calling this method (disable_forgery_detector) to disable the detection for a specified set of methods.
Supported options:
- :only => list_of_methods. This directive tells the framework to disable the detection only for the specified list of methods.
- :except => list_of_methods. This directive tells the framework to disable the detection for all methods except the ones specified.
Example:
class MyController
  include Mack::Controller
  disable_forgery_detector :only => [:test1, :test2]
  def test1
  end
  def test2
  end
end
Notes:
- This method will not work properly if both the :only and :except options are passed in.
- With inheritance, the following behavior is to be expected:
  - If the superclass declares that it wants to disable detection for all methods, and the subclass declares that it wants to disable detection for only a set of methods, then when the subclass is run, the "disable all detection" setting from the parent class is overwritten.
  - On the other hand, if the superclass declares that it wants to disable detection for a set of methods, and the subclass also declares that it wants to disable detection for a set of its own methods, then the "only" list is the combination of both.
  - The first note also applies under inheritance: this method will not work properly if the superclass declares an "except" list and the subclass declares an "only" list.
# File 'lib/mack/utils/forgery_detector.rb', line 47
def disable_forgery_detector(options = {})
  hash = self.ignored_actions
  hash[:all] = true and return if options.empty?
  # TODO: should raise error if type is invalid
  type = options[:only] ? :only : (options[:except] ? :except : :unknown)
  list = options[:only] ? [options[:only]].flatten : (options[:except] ? [options[:except]].flatten : [])
  if !list.empty?
    hash[type] ||= []
    hash[type] << list
    hash[type].flatten!
    hash[type].uniq!
    hash[:all] = false
  end
end
#ignored_actions ⇒ Object
:nodoc:
# File 'lib/mack/utils/forgery_detector.rb', line 63
def ignored_actions # :nodoc:
  unless @ignored_actions
    @ignored_actions = {}
    sc = self.superclass
    if sc.class_is_a?(Mack::Controller)
      sc_hash = sc.ignored_actions
      if sc_hash[:only]
        @ignored_actions[:only] ||= []
        @ignored_actions[:only] << sc_hash[:only]
        @ignored_actions[:only].flatten!
      elsif sc_hash[:except]
        @ignored_actions[:except] ||= []
        @ignored_actions[:except] << sc_hash[:except]
        @ignored_actions[:except].flatten!
      elsif sc_hash[:all]
        @ignored_actions[:all] = sc_hash[:all]
      end
    end
  end
  return @ignored_actions
end
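The hash returned by ignored_actions determines which actions skip the token check, so it is worth reviewing per controller. The following is an added example, not part of Mack: a stand-alone helper that resolves such a hash against a list of action names using the :only/:except/:all semantics documented above. The helper name, action names and sample hashes are constructed, and how Mack itself consumes the hash is not shown on this page.

```ruby
# Added audit helper (not Mack code). `ignored` has the shape built by
# disable_forgery_detector: {:all => true}, {:only => [...], :all => false}
# or {:except => [...], :all => false}. `actions` lists the controller's actions.
def audit_forgery_exemptions(ignored, actions)
  only     = Array(ignored[:only]).flatten.map(&:to_sym)
  except   = Array(ignored[:except]).flatten.map(&:to_sym)
  warnings = []

  # Names that match no action: harmless in :only, but in :except a typo
  # leaves the action the author meant to keep protected without a check.
  unknown = (only + except).uniq - actions
  warnings << "unknown actions listed: #{unknown.inspect}" unless unknown.empty?

  exempt =
    if !only.empty? && !except.empty?
      # Documented as unsupported (e.g. superclass :except, subclass :only),
      # so report the worst case: every action may be unchecked.
      warnings << "both :only and :except set; assuming worst case"
      actions.dup
    elsif !only.empty?
      actions & only
    elsif !except.empty?
      actions - except
    elsif ignored[:all]
      actions.dup
    else
      []
    end

  { :exempt => exempt, :protected => actions - exempt, :warnings => warnings }
end

# Constructed sample inputs (hypothetical action names).
ACTIONS = [:index, :create, :update, :destroy]
SAMPLES = {
  "all disabled"       => { :all => true },
  "only list"          => { :only => [:create], :all => false },
  "except with typo"   => { :except => [:destory], :all => false },
  "inherited conflict" => { :except => [:destroy], :only => [:create], :all => false },
}

if __FILE__ == $0
  SAMPLES.each do |name, ignored|
    r = audit_forgery_exemptions(ignored, ACTIONS)
    puts "#{name}: exempt=#{r[:exempt].inspect} warnings=#{r[:warnings].inspect}"
  end
end
```

In a Mack application the first argument would be the value of ignored_actions on the controller class under review.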