actionpack 3.2.19 → 4.2.11.3

data/lib/abstract_controller/rendering.rb

@@ -1,6 +1,8 @@
-require "abstract_controller/base"
-require "action_view"
-require "active_support/core_ext/object/instance_variables"
+require 'active_support/concern'
+require 'active_support/core_ext/class/attribute'
+require 'action_view'
+require 'action_view/view_paths'
+require 'set'
 
 module AbstractController
   class DoubleRenderError < Error
@@ -11,169 +13,114 @@ module AbstractController
     end
   end
 
-  # This is a class to fix I18n global state. Whenever you provide I18n.locale during a request,
-  # it will trigger the lookup_context and consequently expire the cache.
-  class I18nProxy < ::I18n::Config #:nodoc:
-    attr_reader :original_config, :lookup_context
-
-    def initialize(original_config, lookup_context)
-      original_config = original_config.original_config if original_config.respond_to?(:original_config)
-      @original_config, @lookup_context = original_config, lookup_context
-    end
-
-    def locale
-      @original_config.locale
-    end
-
-    def locale=(value)
-      @lookup_context.locale = value
-    end
-  end
-
   module Rendering
     extend ActiveSupport::Concern
-    include AbstractController::ViewPaths
-
-    included do
-      class_attribute :protected_instance_variables
-      self.protected_instance_variables = []
-    end
-
-    # Overwrite process to setup I18n proxy.
-    def process(*) #:nodoc:
-      old_config, I18n.config = I18n.config, I18nProxy.new(I18n.config, lookup_context)
-      super
-    ensure
-      I18n.config = old_config
-    end
-
-    module ClassMethods
-      def view_context_class
-        @view_context_class ||= begin
-          routes  = _routes  if respond_to?(:_routes)
-          helpers = _helpers if respond_to?(:_helpers)
-          ActionView::Base.prepare(routes, helpers)
-        end
-      end
-    end
-
-    attr_internal_writer :view_context_class
-
-    def view_context_class
-      @_view_context_class ||= self.class.view_context_class
-    end
-
-    # An instance of a view class. The default view class is ActionView::Base
-    #
-    # The view class must have the following methods:
-    # View.new[lookup_context, assigns, controller]
-    #   Create a new ActionView instance for a controller
-    # View#render[options]
-    #   Returns String with the rendered template
-    #
-    # Override this method in a module to change the default behavior.
-    def view_context
-      view_context_class.new(view_renderer, view_assigns, self)
-    end
-
-    # Returns an object that is able to render templates.
-    def view_renderer
-      @_view_renderer ||= ActionView::Renderer.new(lookup_context)
-    end
+    include ActionView::ViewPaths
 
     # Normalize arguments, options and then delegates render_to_body and
     # sticks the result in self.response_body.
+    # :api: public
     def render(*args, &block)
       options = _normalize_render(*args, &block)
       self.response_body = render_to_body(options)
+      _process_format(rendered_format, options) if rendered_format
+      self.response_body
     end
 
-    # Raw rendering of a template to a string. Just convert the results of
-    # render_response into a String.
+    # Raw rendering of a template to a string.
+    #
+    # It is similar to render, except that it does not
+    # set the response_body and it should be guaranteed
+    # to always return a string.
+    #
+    # If a component extends the semantics of response_body
+    # (as Action Controller extends it to be anything that
+    # responds to the method each), this method needs to be
+    # overridden in order to still return a string.
     # :api: plugin
     def render_to_string(*args, &block)
       options = _normalize_render(*args, &block)
       render_to_body(options)
     end
 
-    # Raw rendering of a template to a Rack-compatible body.
-    # :api: plugin
+    # Performs the actual template rendering.
+    # :api: public
     def render_to_body(options = {})
-      _process_options(options)
-      _render_template(options)
     end
 
-    # Find and renders a template based on the options given.
-    # :api: private
-    def _render_template(options) #:nodoc:
-      lookup_context.rendered_format = nil if options[:formats]
-      view_renderer.render(view_context, options)
+    # Returns Content-Type of rendered content
+    # :api: public
+    def rendered_format
+      Mime::TEXT
     end
 
-    DEFAULT_PROTECTED_INSTANCE_VARIABLES = %w(
+    DEFAULT_PROTECTED_INSTANCE_VARIABLES = Set.new %w(
       @_action_name @_response_body @_formats @_prefixes @_config
       @_view_context_class @_view_renderer @_lookup_context
-    )
+      @_routes @_db_runtime
+    ).map(&:to_sym)
 
     # This method should return a hash with assigns.
     # You can overwrite this configuration per controller.
     # :api: public
     def view_assigns
-      hash = {}
-      variables  = instance_variable_names
-      variables -= protected_instance_variables
-      variables -= DEFAULT_PROTECTED_INSTANCE_VARIABLES
-      variables.each { |name| hash[name.to_s[1, name.length]] = instance_variable_get(name) }
-      hash
-    end
+      protected_vars = _protected_ivars
+      variables      = instance_variables
 
-    private
-
-    # Normalize args and options.
-    # :api: private
-    def _normalize_render(*args, &block)
-      options = _normalize_args(*args, &block)
-      _normalize_options(options)
-      options
+      variables.reject! { |s| protected_vars.include? s }
+      variables.each_with_object({}) { |name, hash|
+        hash[name.slice(1, name.length)] = instance_variable_get(name)
+      }
     end
 
     # Normalize args by converting render "foo" to render :action => "foo" and
     # render "foo/bar" to render :file => "foo/bar".
     # :api: plugin
     def _normalize_args(action=nil, options={})
-      case action
-      when NilClass
-      when Hash
-        options = action
-      when String, Symbol
-        action = action.to_s
-        key = action.include?(?/) ? :file : :action
-        options[key] = action
+      if action.respond_to?(:permitted?)
+        if action.permitted?
+          action
+        else
+          raise ArgumentError, "render parameters are not permitted"
+        end
+      elsif action.is_a?(Hash)
+        action
       else
-        options[:partial] = action
+        options
       end
-
-      options
     end
 
     # Normalize options.
     # :api: plugin
     def _normalize_options(options)
-      if options[:partial] == true
-        options[:partial] = action_name
-      end
-
-      if (options.keys & [:partial, :file, :template]).empty?
-        options[:prefixes] ||= _prefixes
-      end
-
-      options[:template] ||= (options[:action] || action_name).to_s
       options
     end
 
     # Process extra options.
     # :api: plugin
     def _process_options(options)
+      options
+    end
+
+    # Process the rendered format.
+    # :api: private
+    def _process_format(format, options = {})
+    end
+
+    # Normalize args and options.
+    # :api: private
+    def _normalize_render(*args, &block)
+      options = _normalize_args(*args, &block)
+      #TODO: remove defined? when we restore AP <=> AV dependency
+      if defined?(request) && request && request.variant.present?
+        options[:variant] = request.variant
+      end
+      _normalize_options(options)
+      options
+    end
+
+    def _protected_ivars # :nodoc:
+      DEFAULT_PROTECTED_INSTANCE_VARIABLES
     end
   end
 end

data/lib/abstract_controller/translation.rb

@@ -1,13 +1,28 @@
 module AbstractController
   module Translation
+    # Delegates to <tt>I18n.translate</tt>. Also aliased as <tt>t</tt>.
+    #
+    # When the given key starts with a period, it will be scoped by the current
+    # controller and action. So if you call <tt>translate(".foo")</tt> from
+    # <tt>PeopleController#index</tt>, it will convert the call to
+    # <tt>I18n.translate("people.index.foo")</tt>. This makes it less repetitive
+    # to translate many keys within the same controller / action and gives you a
+    # simple framework for scoping them consistently.
     def translate(*args)
+      key = args.first
+      if key.is_a?(String) && (key[0] == '.')
+        key = "#{ controller_path.tr('/', '.') }.#{ action_name }#{ key }"
+        args[0] = key
+      end
+
       I18n.translate(*args)
     end
     alias :t :translate
 
+    # Delegates to <tt>I18n.localize</tt>. Also aliased as <tt>l</tt>.
     def localize(*args)
       I18n.localize(*args)
     end
     alias :l :localize
   end
-end
+end

data/lib/abstract_controller/url_for.rb

@@ -1,17 +1,17 @@
-# Includes +url_for+ into the host class (e.g. an abstract controller or mailer). The class
-# has to provide a +RouteSet+ by implementing the <tt>_routes</tt> methods. Otherwise, an
-# exception will be raised.
-#
-# Note that this module is completely decoupled from HTTP - the only requirement is a valid 
-# <tt>_routes</tt> implementation.
 module AbstractController
+  # Includes +url_for+ into the host class (e.g. an abstract controller or mailer). The class
+  # has to provide a +RouteSet+ by implementing the <tt>_routes</tt> methods. Otherwise, an
+  # exception will be raised.
+  #
+  # Note that this module is completely decoupled from HTTP - the only requirement is a valid
+  # <tt>_routes</tt> implementation.
   module UrlFor
     extend ActiveSupport::Concern
     include ActionDispatch::Routing::UrlFor
 
     def _routes
       raise "In order to use #url_for, you must include routing helpers explicitly. " \
-            "For instance, `include Rails.application.routes.url_helpers"
+            "For instance, `include Rails.application.routes.url_helpers`."
     end
 
     module ClassMethods

data/lib/abstract_controller.rb

@@ -1,13 +1,6 @@
-activesupport_path = File.expand_path('../../../activesupport/lib', __FILE__)
-$:.unshift(activesupport_path) if File.directory?(activesupport_path) && !$:.include?(activesupport_path)
-
 require 'action_pack'
-require 'active_support/concern'
-require 'active_support/ruby/shim'
-require 'active_support/dependencies/autoload'
-require 'active_support/core_ext/class/attribute'
+require 'active_support/rails'
 require 'active_support/core_ext/module/attr_internal'
-require 'active_support/core_ext/module/delegation'
 require 'active_support/core_ext/module/anonymous'
 require 'active_support/i18n'
 
@@ -17,12 +10,11 @@ module AbstractController
   autoload :Base
   autoload :Callbacks
   autoload :Collector
+  autoload :DoubleRenderError, "abstract_controller/rendering"
   autoload :Helpers
-  autoload :Layouts
   autoload :Logger
   autoload :Rendering
   autoload :Translation
   autoload :AssetPaths
-  autoload :ViewPaths
   autoload :UrlFor
 end

data/lib/action_controller/base.rb

@@ -1,8 +1,10 @@
+require 'action_view'
 require "action_controller/log_subscriber"
+require "action_controller/metal/params_wrapper"
 
 module ActionController
   # Action Controllers are the core of a web request in \Rails. They are made up of one or more actions that are executed
-  # on request and then either render a template or redirect to another action. An action is defined as a public method
+  # on request and then either it renders a template or redirects to another action. An action is defined as a public method
   # on the controller, which will automatically be made accessible to the web-server through \Rails Routes.
   #
   # By default, only the ApplicationController in a \Rails application inherits from <tt>ActionController::Base</tt>. All other
@@ -42,8 +44,8 @@ module ActionController
   # The full request object is available via the request accessor and is primarily used to query for HTTP headers:
   #
   #   def server_ip
-  #     location = request.env["SERVER_ADDR"]
-  #     render :text => "This server hosted at #{location}"
+  #     location = request.env["REMOTE_ADDR"]
+  #     render plain: "This server hosted at #{location}"
   #   end
   #
   # == Parameters
@@ -58,7 +60,7 @@ module ActionController
   #   <input type="text" name="post[address]" value="hyacintvej">
   #
   # A request stemming from a form holding these inputs will include <tt>{ "post" => { "name" => "david", "address" => "hyacintvej" } }</tt>.
-  # If the address input had been named "post[address][street]", the params would have included
+  # If the address input had been named <tt>post[address][street]</tt>, the params would have included
   # <tt>{ "post" => { "address" => { "street" => "hyacintvej" } } }</tt>. There's no limit to the depth of the nesting.
   #
   # == Sessions
@@ -84,19 +86,10 @@ module ActionController
   # or you can remove the entire session with +reset_session+.
   #
   # Sessions are stored by default in a browser cookie that's cryptographically signed, but unencrypted.
-  # This prevents the user from tampering with the session but also allows him to see its contents.
+  # This prevents the user from tampering with the session but also allows them to see its contents.
   #
   # Do not put secret information in cookie-based sessions!
   #
-  # Other options for session storage:
-  #
-  # * ActiveRecord::SessionStore - Sessions are stored in your database, which works better than PStore with multiple app servers and,
-  #   unlike CookieStore, hides your session contents from the user. To use ActiveRecord::SessionStore, set
-  #
-  #     MyApplication::Application.config.session_store :active_record_store
-  #
-  #   in your <tt>config/initializers/session_store.rb</tt> and run <tt>script/rails g session_migration</tt>.
-  #
   # == Responses
   #
   # Each action results in a response, which holds the headers and document to be sent to the user's browser. The actual response
@@ -116,15 +109,15 @@ module ActionController
   #
   #   Title: <%= @post.title %>
   #
-  # You don't have to rely on the automated rendering. For example, actions that could result in the rendering of different templates 
+  # You don't have to rely on the automated rendering. For example, actions that could result in the rendering of different templates
   # will use the manual rendering methods:
   #
   #   def search
   #     @results = Search.find(params[:query])
   #     case @results.count
-  #       when 0 then render :action => "no_results"
-  #       when 1 then render :action => "show"
-  #       when 2..10 then render :action => "show_many"
+  #       when 0 then render action: "no_results"
+  #       when 1 then render action: "show"
+  #       when 2..10 then render action: "show_many"
   #     end
   #   end
   #
@@ -133,14 +126,14 @@ module ActionController
   # == Redirects
   #
   # Redirects are used to move from one action to another. For example, after a <tt>create</tt> action, which stores a blog entry to the
-  # database, we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're 
+  # database, we might like to show the user the new entry. Because we're following good DRY principles (Don't Repeat Yourself), we're
   # going to reuse (and redirect to) a <tt>show</tt> action that we'll assume has already been created. The code might look like this:
   #
   #   def create
   #     @entry = Entry.new(params[:entry])
   #     if @entry.save
   #       # The entry was saved correctly, redirect to show
-  #       redirect_to :action => 'show', :id => @entry.id
+  #       redirect_to action: 'show', id: @entry.id
   #     else
   #       # things didn't go so well, do something else
   #     end
@@ -157,20 +150,48 @@ module ActionController
   # An action may contain only a single render or a single redirect. Attempting to try to do either again will result in a DoubleRenderError:
   #
   #   def do_something
-  #     redirect_to :action => "elsewhere"
-  #     render :action => "overthere" # raises DoubleRenderError
+  #     redirect_to action: "elsewhere"
+  #     render action: "overthere" # raises DoubleRenderError
   #   end
   #
   # If you need to redirect on the condition of something, then be sure to add "and return" to halt execution.
   #
   #   def do_something
-  #     redirect_to(:action => "elsewhere") and return if monkeys.nil?
-  #     render :action => "overthere" # won't be called if monkeys is nil
+  #     redirect_to(action: "elsewhere") and return if monkeys.nil?
+  #     render action: "overthere" # won't be called if monkeys is nil
   #   end
   #
   class Base < Metal
     abstract!
 
+    # We document the request and response methods here because albeit they are
+    # implemented in ActionController::Metal, the type of the returned objects
+    # is unknown at that level.
+
+    ##
+    # :method: request
+    #
+    # Returns an ActionDispatch::Request instance that represents the
+    # current request.
+
+    ##
+    # :method: response
+    #
+    # Returns an ActionDispatch::Response that represents the current
+    # response.
+
+    # Shortcut helper that returns all the modules included in
+    # ActionController::Base except the ones passed as arguments:
+    #
+    #   class MyBaseController < ActionController::Metal
+    #     ActionController::Base.without_modules(:ParamsWrapper, :Streaming).each do |left|
+    #       include left
+    #     end
+    #   end
+    #
+    # This gives better control over what you want to exclude and makes it
+    # easier to create a bare controller class, instead of listing the modules
+    # required manually.
     def self.without_modules(*modules)
       modules = modules.map do |m|
         m.is_a?(Symbol) ? ActionController.const_get(m) : m
@@ -180,7 +201,7 @@ module ActionController
     end
 
     MODULES = [
-      AbstractController::Layouts,
+      AbstractController::Rendering,
       AbstractController::Translation,
       AbstractController::AssetPaths,
 
@@ -188,13 +209,16 @@ module ActionController
       HideActions,
       UrlFor,
       Redirecting,
+      ActionView::Layouts,
       Rendering,
       Renderers::All,
       ConditionalGet,
+      EtagWithTemplateDigest,
       RackDelegation,
       Caching,
       MimeResponds,
       ImplicitRender,
+      StrongParameters,
 
       Cookies,
       Flash,
@@ -202,7 +226,6 @@ module ActionController
       ForceSSL,
       Streaming,
       DataStreaming,
-      RecordIdentifier,
       HttpAuthentication::Basic::ControllerMethods,
       HttpAuthentication::Digest::ControllerMethods,
       HttpAuthentication::Token::ControllerMethods,
@@ -227,8 +250,18 @@ module ActionController
       include mod
     end
 
-    # Rails 2.x compatibility
-    include ActionController::Compatibility
+    # Define some internal variables that should not be propagated to the view.
+    PROTECTED_IVARS = AbstractController::Rendering::DEFAULT_PROTECTED_INSTANCE_VARIABLES + [
+      :@_status, :@_headers, :@_params, :@_env, :@_response, :@_request,
+      :@_view_runtime, :@_stream, :@_url_options, :@_action_has_layout ]
+
+    def _protected_ivars # :nodoc:
+      PROTECTED_IVARS
+    end
+
+    def self.protected_instance_variables
+      PROTECTED_IVARS
+    end
 
     ActiveSupport.run_load_hooks(:action_controller, self)
   end

data/lib/action_controller/caching/fragments.rb

@@ -1,59 +1,29 @@
-module ActionController #:nodoc:
+module ActionController
   module Caching
-    # Fragment caching is used for caching various blocks within 
+    # Fragment caching is used for caching various blocks within
     # views without caching the entire action as a whole. This is
-    # useful when certain elements of an action change frequently or 
-    # depend on complicated state while other parts rarely change or 
+    # useful when certain elements of an action change frequently or
+    # depend on complicated state while other parts rarely change or
     # can be shared amongst multiple parties. The caching is done using
-    # the <tt>cache</tt> helper available in the Action View. A 
-    # template with fragment caching might look like:
+    # the +cache+ helper available in the Action View. See
+    # ActionView::Helpers::CacheHelper for more information.
     #
-    #   <b>Hello <%= @name %></b>
+    # While it's strongly recommended that you use key-based cache
+    # expiration (see links in CacheHelper for more information),
+    # it is also possible to manually expire caches. For example:
     #
-    #   <% cache do %>
-    #     All the topics in the system:
-    #     <%= render :partial => "topic", :collection => Topic.all %>
-    #   <% end %>
-    #
-    # This cache will bind the name of the action that called it, so if
-    # this code was part of the view for the topics/list action, you 
-    # would be able to invalidate it using:
-    #
-    #   expire_fragment(:controller => "topics", :action => "list")
-    #
-    # This default behavior is limited if you need to cache multiple 
-    # fragments per action or if the action itself is cached using 
-    # <tt>caches_action</tt>. To remedy this, there is an option to 
-    # qualify the name of the cached fragment by using the 
-    # <tt>:action_suffix</tt> option:
-    #
-    #   <% cache(:action => "list", :action_suffix => "all_topics") do %>
-    #
-    # That would result in a name such as 
-    # <tt>/topics/list/all_topics</tt>, avoiding conflicts with the 
-    # action cache and with any fragments that use a different suffix.
-    # Note that the URL doesn't have to really exist or be callable
-    # - the url_for system is just used to generate unique cache names
-    # that we can refer to when we need to expire the cache.
-    #
-    # The expiration call for this example is:
-    #
-    #   expire_fragment(:controller => "topics", 
-    #                   :action => "list", 
-    #                   :action_suffix => "all_topics")
+    #   expire_fragment('name_of_cache')
     module Fragments
-      # Given a key (as described in <tt>expire_fragment</tt>), returns
-      # a key suitable for use in reading, writing, or expiring a 
-      # cached fragment. If the key is a hash, the generated key is the
-      # return value of url_for on that hash (without the protocol). 
-      # All keys are prefixed with <tt>views/</tt> and uses
+      # Given a key (as described in +expire_fragment+), returns
+      # a key suitable for use in reading, writing, or expiring a
+      # cached fragment. All keys are prefixed with <tt>views/</tt> and uses
       # ActiveSupport::Cache.expand_cache_key for the expansion.
       def fragment_cache_key(key)
         ActiveSupport::Cache.expand_cache_key(key.is_a?(Hash) ? url_for(key).split("://").last : key, :views)
       end
 
-      # Writes <tt>content</tt> to the location signified by 
-      # <tt>key</tt> (see <tt>expire_fragment</tt> for acceptable formats).
+      # Writes +content+ to the location signified by
+      # +key+ (see +expire_fragment+ for acceptable formats).
       def write_fragment(key, content, options = nil)
         return content unless cache_configured?
 
@@ -65,8 +35,8 @@ module ActionController #:nodoc:
         content
       end
 
-      # Reads a cached fragment from the location signified by <tt>key</tt>
-      # (see <tt>expire_fragment</tt> for acceptable formats).
+      # Reads a cached fragment from the location signified by +key+
+      # (see +expire_fragment+ for acceptable formats).
       def read_fragment(key, options = nil)
         return unless cache_configured?
 
@@ -77,8 +47,8 @@ module ActionController #:nodoc:
         end
       end
 
-      # Check if a cached fragment from the location signified by 
-      # <tt>key</tt> exists (see <tt>expire_fragment</tt> for acceptable formats)
+      # Check if a cached fragment from the location signified by
+      # +key+ exists (see +expire_fragment+ for acceptable formats).
       def fragment_exist?(key, options = nil)
         return unless cache_configured?
         key = fragment_cache_key(key)
@@ -95,7 +65,7 @@ module ActionController #:nodoc:
       # * String - This would normally take the form of a path, like
       #   <tt>pages/45/notes</tt>.
       # * Hash - Treated as an implicit call to +url_for+, like
-      #   <tt>{:controller => "pages", :action => "notes", :id => 45}</tt>
+      #   <tt>{ controller: 'pages', action: 'notes', id: 45}</tt>
       # * Regexp - Will remove any fragment that matches, so
       #   <tt>%r{pages/\d*/notes}</tt> might remove all notes. Make sure you
       #   don't use anchors in the regex (<tt>^</tt> or <tt>$</tt>) because
@@ -104,8 +74,8 @@ module ActionController #:nodoc:
       #   only supported on caches that can iterate over all keys (unlike
       #   memcached).
       #
-      # +options+ is passed through to the cache store's <tt>delete</tt>
-      # method (or <tt>delete_matched</tt>, for Regexp keys.)
+      # +options+ is passed through to the cache store's +delete+
+      # method (or <tt>delete_matched</tt>, for Regexp keys).
       def expire_fragment(key, options = nil)
         return unless cache_configured?
         key = fragment_cache_key(key) unless key.is_a?(Regexp)
@@ -119,8 +89,14 @@ module ActionController #:nodoc:
         end
       end
 
-      def instrument_fragment_cache(name, key)
-        ActiveSupport::Notifications.instrument("#{name}.action_controller", :key => key){ yield }
+      def instrument_fragment_cache(name, key) # :nodoc:
+        payload = {
+          controller: controller_name,
+          action: action_name,
+          key: key
+        }
+
+        ActiveSupport::Notifications.instrument("#{name}.action_controller", payload) { yield }
       end
     end
   end