actionpack 3.1.12 → 3.2.0.rc1

data/lib/action_controller/metal/helpers.rb

@@ -7,9 +7,12 @@ module ActionController
   # by default.
   #
   # In addition to using the standard template helpers provided, creating custom helpers to
-  # extract complicated logic or reusable functionality is strongly encouraged. By default, the controller will
-  # include a helper whose name matches that of the controller, e.g., <tt>MyController</tt> will automatically
-  # include <tt>MyHelper</tt>.
+  # extract complicated logic or reusable functionality is strongly encouraged. By default, each controller
+  # will include all helpers.
+  #
+  # In previous versions of \Rails the controller will include a helper whose
+  # name matches that of the controller, e.g., <tt>MyController</tt> will automatically
+  # include <tt>MyHelper</tt>. To return old behavior set +config.action_controller.include_all_helpers+ to +false+.
   #
   # Additional helpers can be specified using the +helper+ class method in ActionController::Base or any
   # controller which inherits from it.
@@ -29,7 +32,7 @@ module ActionController
   #   class EventsController < ActionController::Base
   #     helper FormattedTimeHelper
   #     def index
-  #       @events = Event.find(:all)
+  #       @events = Event.all
   #     end
   #   end
   #

data/lib/action_controller/metal/http_authentication.rb

@@ -192,15 +192,12 @@ module ActionController
           return false unless password
 
           method = request.env['rack.methodoverride.original_method'] || request.env['REQUEST_METHOD']
-          uri    = credentials[:uri][0,1] == '/' ? request.original_fullpath : request.original_url
+          uri    = credentials[:uri][0,1] == '/' ? request.fullpath : request.url
 
-          [true, false].any? do |trailing_question_mark|
-            [true, false].any? do |password_is_ha1|
-              _uri = trailing_question_mark ? uri + "?" : uri
-              expected = expected_response(method, _uri, credentials, password, password_is_ha1)
-              expected == credentials[:response]
-            end
-          end
+         [true, false].any? do |password_is_ha1|
+           expected = expected_response(method, uri, credentials, password, password_is_ha1)
+           expected == credentials[:response]
+         end
         end
       end
 
@@ -227,9 +224,9 @@ module ActionController
       end
 
       def decode_credentials(header)
-        HashWithIndifferentAccess[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
+        Hash[header.to_s.gsub(/^Digest\s+/,'').split(',').map do |pair|
           key, value = pair.split('=', 2)
-          [key.strip, value.to_s.gsub(/^"|"$/,'').delete('\'')]
+          [key.strip.to_sym, value.to_s.gsub(/^"|"$/,'').gsub(/'/, '')]
         end]
       end
 
@@ -403,7 +400,7 @@ module ActionController
       # the present token and options.
       #
       # controller      - ActionController::Base instance for the current request.
-      # login_procedure - Proc to call if a token is present.  The Proc should
+      # login_procedure - Proc to call if a token is present. The Proc should
       #                   take 2 arguments:
       #                     authenticate(controller) { |token, options| ... }
       #
@@ -416,7 +413,7 @@ module ActionController
         end
       end
 
-      # Parses the token and options out of the token authorization header.  If
+      # Parses the token and options out of the token authorization header. If
       # the header looks like this:
       #   Authorization: Token token="abc", nonce="def"
       # Then the returned token is "abc", and the options is {:nonce => "def"}

data/lib/action_controller/metal/instrumentation.rb

@@ -58,13 +58,18 @@ module ActionController
     def redirect_to(*args)
       ActiveSupport::Notifications.instrument("redirect_to.action_controller") do |payload|
         result = super
-        payload[:status]   = self.status
-        payload[:location] = self.location
+        payload[:status]   = response.status
+        payload[:location] = response.location
         result
       end
     end
 
-  protected
+  private
+
+    # A hook invoked everytime a before callback is halted.
+    def halted_callback_hook(filter)
+      ActiveSupport::Notifications.instrument("halted_callback.action_controller", :filter => filter)
+    end
 
     # A hook which allows you to clean up any time taken into account in
     # views wrongly, like database querying time.
@@ -97,4 +102,4 @@ module ActionController
       end
     end
   end
-end
+end

data/lib/action_controller/metal/mime_responds.rb

@@ -42,8 +42,8 @@ module ActionController #:nodoc:
       def respond_to(*mimes)
         options = mimes.extract_options!
 
-        only_actions   = Array(options.delete(:only))
-        except_actions = Array(options.delete(:except))
+        only_actions   = Array(options.delete(:only)).map(&:to_s)
+        except_actions = Array(options.delete(:except)).map(&:to_s)
 
         new = mimes_for_respond_to.dup
         mimes.each do |mime|
@@ -182,7 +182,7 @@ module ActionController #:nodoc:
     #
     #     def index
     #       @people = Person.all
-    #       respond_with(@person)
+    #       respond_with(@people)
     #     end
     #   end
     #
@@ -245,7 +245,7 @@ module ActionController #:nodoc:
     # current action.
     #
     def collect_mimes_from_class_level #:nodoc:
-      action = action_name.to_sym
+      action = action_name.to_s
 
       self.class.mimes_for_respond_to.keys.select do |mime|
         config = self.class.mimes_for_respond_to[mime]

data/lib/action_controller/metal/params_wrapper.rb

@@ -43,6 +43,11 @@ module ActionController
   #       wrap_parameters :person, :include => [:username, :password]
   #     end
   #
+  # On ActiveRecord models with no +:include+ or +:exclude+ option set, 
+  # if attr_accessible is set on that model, it will only wrap the accessible
+  # parameters, else it will only wrap the parameters returned by the class 
+  # method attribute_names.
+  #
   # If you're going to pass the parameters to an +ActiveModel+ object (such as
   # +User.new(params[:user])+), you might consider passing the model class to
   # the method instead. The +ParamsWrapper+ will actually try to determine the
@@ -141,19 +146,16 @@ module ActionController
       # try to find Foo::Bar::User, Foo::User and finally User.
       def _default_wrap_model #:nodoc:
         return nil if self.anonymous?
-
-        model_name = self.name.sub(/Controller$/, '').singularize
+        model_name = self.name.sub(/Controller$/, '').classify
 
         begin
-          model_klass = model_name.constantize
-        rescue NameError, ArgumentError => e
-          if e.message =~ /is not missing constant|uninitialized constant #{model_name}/
+          if model_klass = model_name.safe_constantize
+            model_klass
+          else
             namespaces = model_name.split("::")
             namespaces.delete_at(-2)
             break if namespaces.last == model_name
             model_name = namespaces.join("::")
-          else
-            raise
           end
         end until model_klass
 
@@ -165,7 +167,9 @@ module ActionController
 
         unless options[:include] || options[:exclude]
           model ||= _default_wrap_model
-          if model.respond_to?(:attribute_names) && model.attribute_names.present?
+          if model.respond_to?(:accessible_attributes) && model.accessible_attributes.present?
+            options[:include] = model.accessible_attributes.to_a
+          elsif model.respond_to?(:attribute_names) && model.attribute_names.present?
             options[:include] = model.attribute_names
           end
         end

data/lib/action_controller/metal/redirecting.rb

@@ -18,7 +18,7 @@ module ActionController
     #
     # * <tt>Hash</tt> - The URL will be generated by calling url_for with the +options+.
     # * <tt>Record</tt> - The URL will be generated by calling url_for with the +options+, which will reference a named URL for that record.
-    # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) - Is passed straight through as the target for redirection.
+    # * <tt>String</tt> starting with <tt>protocol://</tt> (like <tt>http://</tt>) or a protocol relative reference (like <tt>//</tt>) - Is passed straight through as the target for redirection.
     # * <tt>String</tt> not containing a protocol - The current protocol and host is prepended to the string.
     # * <tt>Proc</tt> - A block that will be executed in the controller's context. Should return any option accepted by +redirect_to+.
     # * <tt>:back</tt> - Back to the page that issued the request. Useful for forms that are triggered from multiple places.
@@ -54,10 +54,10 @@ module ActionController
     #   redirect_to post_url(@post), :status => 301, :flash => { :updated_post_id => @post.id }
     #   redirect_to { :action=>'atom' }, :alert => "Something serious happened"
     #
-    # When using <tt>redirect_to :back</tt>, if there is no referrer, RedirectBackError will be raised. You may specify some fallback
-    # behavior for this case by rescuing RedirectBackError.
+    # When using <tt>redirect_to :back</tt>, if there is no referrer, ActionController::RedirectBackError will be raised. You may specify some fallback
+    # behavior for this case by rescuing ActionController::RedirectBackError.
     def redirect_to(options = {}, response_status = {}) #:doc:
-      raise ActionControllerError.new("Cannot redirect to nil!") if options.nil?
+      raise ActionControllerError.new("Cannot redirect to nil!") unless options
       raise AbstractController::DoubleRenderError if response_body
 
       self.status        = _extract_redirect_to_status(options, response_status)
@@ -81,7 +81,8 @@ module ActionController
         # The scheme name consist of a letter followed by any combination of
         # letters, digits, and the plus ("+"), period ("."), or hyphen ("-")
         # characters; and is terminated by a colon (":").
-        when %r{^\w[\w+.-]*:.*}
+        # The protocol relative scheme starts with a double slash "//"
+        when %r{^(\w[\w+.-]*:|//).*}
           options
         when String
           request.protocol + request.host_with_port + options
@@ -92,7 +93,7 @@ module ActionController
           _compute_redirect_to_location options.call
         else
           url_for(options)
-        end.gsub(/[\0\r\n]/, '')
+        end.gsub(/[\r\n]/, '')
       end
   end
 end

data/lib/action_controller/metal/renderers.rb

@@ -1,5 +1,6 @@
 require 'active_support/core_ext/class/attribute'
 require 'active_support/core_ext/object/blank'
+require 'set'
 
 module ActionController
   # See <tt>Renderers.add</tt>
@@ -12,16 +13,13 @@ module ActionController
 
     included do
       class_attribute :_renderers
-      self._renderers = {}.freeze
+      self._renderers = Set.new.freeze
     end
 
     module ClassMethods
       def use_renderers(*args)
-        new = _renderers.dup
-        args.each do |key|
-          new[key] = RENDERERS[key]
-        end
-        self._renderers = new.freeze
+        renderers = _renderers + args
+        self._renderers = renderers.freeze
       end
       alias use_renderer use_renderers
     end
@@ -31,10 +29,10 @@ module ActionController
     end
 
     def _handle_render_options(options)
-      _renderers.each do |name, value|
-        if options.key?(name.to_sym)
+      _renderers.each do |name|
+        if options.key?(name)
           _process_options(options)
-          return send("_render_option_#{name}", options.delete(name.to_sym), options)
+          return send("_render_option_#{name}", options.delete(name), options)
         end
       end
       nil
@@ -42,7 +40,7 @@ module ActionController
 
     # Hash of available renderers, mapping a renderer name to its proc.
     # Default keys are :json, :js, :xml.
-    RENDERERS = {}
+    RENDERERS = Set.new
 
     # Adds a new renderer to call within controller actions.
     # A renderer is invoked by passing its name as an option to
@@ -79,7 +77,7 @@ module ActionController
     # <tt>ActionController::MimeResponds#respond_with</tt>
     def self.add(key, &block)
       define_method("_render_option_#{key}", &block)
-      RENDERERS[key] = block
+      RENDERERS << key.to_sym
     end
 
     module All

data/lib/action_controller/metal/request_forgery_protection.rb

@@ -1,4 +1,5 @@
 require 'active_support/core_ext/class/attribute'
+require 'action_controller/metal/exceptions'
 
 module ActionController #:nodoc:
   class InvalidAuthenticityToken < ActionControllerError #:nodoc:
@@ -73,7 +74,7 @@ module ActionController #:nodoc:
       # The actual before_filter that is used. Modify this to change how you handle unverified requests.
       def verify_authenticity_token
         unless verified_request?
-          logger.debug "WARNING: Can't verify CSRF token authenticity" if logger
+          logger.warn "WARNING: Can't verify CSRF token authenticity" if logger
           handle_unverified_request
         end
       end

data/lib/action_controller/metal/rescue.rb

@@ -1,4 +1,7 @@
 module ActionController #:nodoc:
+  # This module is responsible to provide `rescue_from` helpers
+  # to controllers and configure when detailed exceptions must be
+  # shown.
   module Rescue
     extend ActiveSupport::Concern
     include ActiveSupport::Rescuable
@@ -12,10 +15,20 @@ module ActionController #:nodoc:
       super(exception)
     end
 
+    # Override this method if you want to customize when detailed
+    # exceptions must be shown. This method is only called when
+    # consider_all_requests_local is false. By default, it returns
+    # false, but someone may set it to `request.local?` so local
+    # requests in production still shows the detailed exception pages.
+    def show_detailed_exceptions?
+      false
+    end
+
     private
       def process_action(*args)
         super
       rescue Exception => exception
+        request.env['action_dispatch.show_detailed_exceptions'] ||= show_detailed_exceptions?
         rescue_with_handler(exception) || raise(exception)
       end
   end

data/lib/action_controller/metal/responder.rb

@@ -9,7 +9,7 @@ module ActionController #:nodoc:
   #     respond_to :html, :xml, :json
   #
   #     def index
-  #       @people = Person.find(:all)
+  #       @people = Person.all
   #       respond_with(@people)
   #     end
   #   end
@@ -84,8 +84,8 @@ module ActionController #:nodoc:
   #
   # === Custom options
   #
-  # <code>respond_with</code> also allow you to pass options that are forwarded
-  # to the underlying render call. Those options are only applied success
+  # <code>respond_with</code> also allows you to pass options that are forwarded
+  # to the underlying render call. Those options are only applied for success
   # scenarios. For instance, you can do the following in the create method above:
   #
   #   def create
@@ -95,7 +95,7 @@ module ActionController #:nodoc:
   #     respond_with(@project, @task, :status => 201)
   #   end
   #
-  # This will return status 201 if the task was saved with success. If not,
+  # This will return status 201 if the task was saved successfully. If not,
   # it will simply ignore the given options and return status 422 and the
   # resource errors. To customize the failure scenario, you can pass a
   # a block to <code>respond_with</code>:
@@ -202,10 +202,8 @@ module ActionController #:nodoc:
         display resource
       elsif post?
         display resource, :status => :created, :location => api_location
-      elsif has_empty_resource_definition?
-        display empty_resource, :status => :ok
       else
-        head :ok
+        head :no_content
       end
     end
 
@@ -224,7 +222,7 @@ module ActionController #:nodoc:
     alias :navigation_location :resource_location
     alias :api_location :resource_location
 
-    # If a given response block was given, use it, otherwise call render on
+    # If a response block was given, use it, otherwise call render on
     # controller.
     #
     def default_render
@@ -253,7 +251,7 @@ module ActionController #:nodoc:
     end
 
     def display_errors
-      controller.render format => resource.errors, :status => :unprocessable_entity
+      controller.render format => resource_errors, :status => :unprocessable_entity
     end
 
     # Check whether the resource has errors.
@@ -269,22 +267,12 @@ module ActionController #:nodoc:
       @action ||= ACTIONS_FOR_VERBS[request.request_method_symbol]
     end
 
-    # Check whether resource needs a specific definition of empty resource to be valid
-    #
-    def has_empty_resource_definition?
-      respond_to?("empty_#{format}_resource", true)
+    def resource_errors
+      respond_to?("#{format}_resource_errors") ? send("#{format}_resource_errors") : resource.errors
     end
 
-    # Delegate to proper empty resource method
-    #
-    def empty_resource
-      send("empty_#{format}_resource")
-    end
-
-    # Return a valid empty JSON resource
-    #
-    def empty_json_resource
-      "{}"
+    def json_resource_errors
+      {:errors => resource.errors}
     end
   end
 end

data/lib/action_controller/metal/streaming.rb

@@ -200,34 +200,9 @@ module ActionController #:nodoc:
     extend ActiveSupport::Concern
 
     include AbstractController::Rendering
-    attr_internal :stream
-
-    module ClassMethods
-      # Render streaming templates. It accepts :only, :except, :if and :unless as options
-      # to specify when to stream, as in ActionController filters.
-      def stream(options={})
-        ActiveSupport::Deprecation.warn "stream class method is deprecated. Please give the :stream option to render instead"
-        if defined?(Fiber)
-          before_filter :_stream_filter, options
-        else
-          raise "You cannot use streaming if Fiber is not available."
-        end
-      end
-    end
 
     protected
 
-    # Mark following render calls as streaming.
-    def _stream_filter #:nodoc:
-      self.stream = true
-    end
-
-    # Consider the stream option when normalazing options.
-    def _normalize_options(options) #:nodoc:
-      super
-      options[:stream] = self.stream unless options.key?(:stream)
-    end
-
     # Set proper cache control and transfer encoding when streaming
     def _process_options(options) #:nodoc:
       super

data/lib/action_controller/railtie.rb

@@ -29,6 +29,7 @@ module ActionController
       # make sure readers methods get compiled
       options.asset_path           ||= app.config.asset_path
       options.asset_host           ||= app.config.asset_host
+      options.relative_url_root    ||= app.config.relative_url_root
 
       ActiveSupport.on_load(:action_controller) do
         include app.routes.mounted_helpers