Caution! - Many of these posts are creepy-old in the Ruby on Rails world (before 1.0!)
The :author => Charles Abbott now blogs here

verify ... 5.times do cycle

2006-09-25

Today I am going to cover a very useful ActionController method that comes straight from the ActionController::Verification module and is documented in the Rails API. Verify will help you manage access to your controller's methods based on several different criteria - and I plan on covering the most useful (in my opinion!). Second, I am going to cover a simple but useful ActionView helper - cycle.

So, let's get to the really cool ActionController method - verify. Verify is much like a before_filter - except it allows you to filter access to certain actions with much finer control and by multiple criteria.

My first reaction to seeing verify in the API was total joy - I had a need to prevent access to an action in one of my controllers unless it were solely an AJAX request (just for added security) - and verify quickly provided the functionality I needed. So how do you use verify in your controller?

Just like before_filter - you place verify outside of your actions, within the controller class definition. Then you pass it your options in an easy-to-read :symbol => "value", :symbol => "value" setup. So - here is an example out of one of my controllers:

class UserController < ApplicationController

  verify :params => "c", :xhr => true, :only => "ajaxdump", :redirect_to => {:action => "index"}

  def index
    # ... index stuff here
  end

  def ajaxdump
    # ... ajax calls here
  end
end

In this example - verify gets 2 requirements for the ajaxdump action before a visitor is allowed to access it. First - there must be a key in the params hash that matches "c", and second (and what made me so happy) the :xhr => true requires that the request be an AJAX request. Unless both of these requirements are met, the user's browser is kindly redirected to the index action. So simple, yet so effective!

There are several options you can use, in fact - for easy reference, let me list the options and descriptions that are in the API:

* :params -- a single key or an array of keys that must be in the params hash in order for the action(s) to be safely called.

* :session -- a single key or an array of keys that must be in the @session in order for the action(s) to be safely called.

* :flash -- a single key or an array of keys that must be in the flash in order for the action(s) to be safely called.

* :method -- a single key or an array of keys, any one of which must match the current request method in order for the action(s) to be safely called. (The key should be a symbol: :get or :post, for example.)

* :xhr -- true/false option to ensure that the request is coming from an Ajax call or not.

* :add_flash -- a hash of name/value pairs that should be merged into the session’s flash if the prerequisites cannot be satisfied.

* :redirect_to -- the redirection parameters to be used when redirecting if the prerequisites cannot be satisfied.

* :render -- the render parameters to be used when the prerequisites cannot be satisfied.

* :only -- only apply this verification to the actions specified in the associated array (may also be a single value).

* :except -- do not apply this verification to the actions specified in the associated array (may also be a single value).

As you can see - this is a very useful method that you can quickly slap into your controller to further control access to certain methods. If you need to make certain that 2 params are set, and that the method was indeed a post (no modified URLs!), simply write something like this:

verify :params => ["username", "password"], :method => :post, :only => "authenticate", :redirect_to => {:action => "login" }

That would work great for an authentication system - if the params are not set, redirect before you even do anything else - and as one of the options above suggests - you can even insert something into the :flash to explain the problem to your visitor. Very cool...
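A stand-alone Ruby model of the prerequisite checks behind the two verify calls above, added here as an example; it is not Rails source and not code from this post. The Request struct, the failed_prerequisite helper and the "user_id" session key are assumptions made for the illustration. It shows that :params, :method and :xhr are all read from the incoming request, while :session is the option that ties an action to server-side state.

```ruby
# Simplified model of verify's prerequisite checks (not Rails source).
# method, params and headers arrive with the request; session is server-side.
Request = Struct.new(:method, :params, :headers, :session)

# Rails' xhr? test looks at the X-Requested-With request header.
def xhr?(req)
  !!(req.headers["X-Requested-With"].to_s =~ /XMLHttpRequest/i)
end

# Returns nil when every prerequisite holds, else the name of the first failure.
def failed_prerequisite(req, opts)
  Array(opts[:params]).each  { |k| return "params[#{k}]"  if req.params[k].nil? }
  Array(opts[:session]).each { |k| return "session[#{k}]" if req.session[k].nil? }
  if opts[:method] && !Array(opts[:method]).include?(req.method)
    return "method"
  end
  return "xhr" if !opts[:xhr].nil? && xhr?(req) != opts[:xhr]
  nil
end

# The two rules from the post, plus a variant with a hypothetical session key.
AJAXDUMP         = { :params => "c", :xhr => true }
AUTHENTICATE     = { :params => ["username", "password"], :method => :post }
AJAXDUMP_SESSION = AJAXDUMP.merge(:session => "user_id")

# Constructed sample requests.
AJAX       = { "X-Requested-With" => "XMLHttpRequest" }
TYPED_URL  = Request.new(:get,  { "c" => "1" }, {},   {})
AJAX_ANON  = Request.new(:get,  { "c" => "1" }, AJAX, {})
AJAX_USER  = Request.new(:get,  { "c" => "1" }, AJAX, { "user_id" => 7 })
LOGIN_GET  = Request.new(:get,  { "username" => "a", "password" => "b" }, {}, {})
LOGIN_POST = Request.new(:post, { "username" => "a" }, {}, {})

CASES = [
  ["typed URL vs ajaxdump rule",          TYPED_URL,  AJAXDUMP],
  ["Ajax, no session vs ajaxdump rule",   AJAX_ANON,  AJAXDUMP],
  ["Ajax, no session vs session variant", AJAX_ANON,  AJAXDUMP_SESSION],
  ["Ajax, session set vs session variant", AJAX_USER, AJAXDUMP_SESSION],
  ["GET login vs authenticate rule",      LOGIN_GET,  AUTHENTICATE],
  ["POST without password",               LOGIN_POST, AUTHENTICATE],
]

CASES.each do |label, req, rule|
  failed = failed_prerequisite(req, rule)
  puts "#{label}: #{failed ? "redirect (#{failed})" : "action runs"}"
end
```
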

Well, now on to the other part of this post, the one that will take all of 3 paragraphs to explain. The useful, and probably overlooked, ActionView method - cycle. Cycle allows you to easily swap between options when working inside your views. Consider the following:

<% 5.times do %>
<div class="<%= cycle("blue", "red", "green") %>">Changing Classes!</div>
<% end %>

This simple loop prints out a div each time through, and like many tables with rows - you may want each div to stand out from each other. And what better way than to have the divs cycle through different classes - in which you can define the CSS to change background colors or font styles.

Cycle is called once in each iteration of the loop - and it simply pulls the next item in the group of options. So the first time through it prints 'blue', the second time 'red' and the third 'green' - on the fourth run through it returns to 'blue' as you would expect.

But what if you needed to reset the internal cycle for some reason?

Easy -- use the ready-made answer reset_cycle(). To do this you will have to make one minor change to your cycle declaration:

cycle("red", "blue", "green", :name => "mycycle")

... and your reset_cycle() would be:

reset_cycle("mycycle")

Well, that's it - verify is a pretty cool method - and I can definitely see value in its existence. Cycle is also pretty nifty - it can help save a bit of time and is so simple to remember. Of course, if you ever forget you can find them both in the Rails API. Until next post - happy coding!

:author => "Charles Abbott"
Rails Methods make my life simpler
 
