actionpack 7.0.8 → 7.2.0

data/lib/abstract_controller/rendering.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "abstract_controller/error"
 require "action_view"
 require "action_view/view_paths"
@@ -7,7 +9,7 @@ require "set"
 
 module AbstractController
   class DoubleRenderError < Error
-    DEFAULT_MESSAGE = "Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like \"redirect_to(...) and return\"."
+    DEFAULT_MESSAGE = "Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like \"redirect_to(...); return\"."
 
     def initialize(message = nil)
       super(message || DEFAULT_MESSAGE)
@@ -19,9 +21,9 @@ module AbstractController
     include ActionView::ViewPaths
 
     # Normalizes arguments and options, and then delegates to render_to_body and
-    # sticks the result in <tt>self.response_body</tt>.
+    # sticks the result in `self.response_body`.
     #
-    # Supported options depend on the underlying +render_to_body+ implementation.
+    # Supported options depend on the underlying `render_to_body` implementation.
     def render(*args, &block)
       options = _normalize_render(*args, &block)
       rendered_body = render_to_body(options)
@@ -35,11 +37,11 @@ module AbstractController
     end
 
     # Similar to #render, but only returns the rendered template as a string,
-    # instead of setting +self.response_body+.
+    # instead of setting `self.response_body`.
     #
-    # If a component extends the semantics of +response_body+ (as ActionController
-    # extends it to be anything that responds to the method each), this method
-    # needs to be overridden in order to still return a string.
+    # If a component extends the semantics of `response_body` (as ActionController
+    # extends it to be anything that responds to the method each), this method needs
+    # to be overridden in order to still return a string.
     def render_to_string(*args, &block)
       options = _normalize_render(*args, &block)
       render_to_body(options)
@@ -49,15 +51,15 @@ module AbstractController
     def render_to_body(options = {})
     end
 
-    # Returns +Content-Type+ of rendered content.
+    # Returns `Content-Type` of rendered content.
     def rendered_format
       Mime[:text]
     end
 
     DEFAULT_PROTECTED_INSTANCE_VARIABLES = %i(@_action_name @_response_body @_formats @_prefixes)
 
-    # This method should return a hash with assigns.
-    # You can overwrite this configuration per controller.
+    # This method should return a hash with assigns. You can overwrite this
+    # configuration per controller.
     def view_assigns
       variables = instance_variables - _protected_ivars
 
@@ -67,9 +69,8 @@ module AbstractController
     end
 
   private
-    # Normalize args by converting <tt>render "foo"</tt> to
-    # <tt>render :action => "foo"</tt> and <tt>render "foo/bar"</tt> to
-    # <tt>render :file => "foo/bar"</tt>.
+    # Normalize args by converting `render "foo"` to `render action: "foo"` and
+    # `render "foo/bar"` to `render file: "foo/bar"`.
     def _normalize_args(action = nil, options = {}) # :doc:
       if action.respond_to?(:permitted?)
         if action.permitted?

data/lib/abstract_controller/translation.rb

@@ -1,19 +1,19 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "active_support/html_safe_translation"
 
 module AbstractController
   module Translation
-    mattr_accessor :raise_on_missing_translations, default: false
-
-    # Delegates to <tt>I18n.translate</tt>.
+    # Delegates to `I18n.translate`.
     #
     # When the given key starts with a period, it will be scoped by the current
-    # controller and action. So if you call <tt>translate(".foo")</tt> from
-    # <tt>PeopleController#index</tt>, it will convert the call to
-    # <tt>I18n.translate("people.index.foo")</tt>. This makes it less repetitive
-    # to translate many keys within the same controller / action and gives you a
-    # simple framework for scoping them consistently.
+    # controller and action. So if you call `translate(".foo")` from
+    # `PeopleController#index`, it will convert the call to
+    # `I18n.translate("people.index.foo")`. This makes it less repetitive to
+    # translate many keys within the same controller / action and gives you a simple
+    # framework for scoping them consistently.
     def translate(key, **options)
       if key&.start_with?(".")
         path = controller_path.tr("/", ".")
@@ -23,13 +23,17 @@ module AbstractController
         key = "#{path}.#{action_name}#{key}"
       end
 
-      i18n_raise = options.fetch(:raise, self.raise_on_missing_translations)
+      if options[:default] && ActiveSupport::HtmlSafeTranslation.html_safe_translation_key?(key)
+        options[:default] = Array(options[:default]).map do |value|
+          value.is_a?(String) ? ERB::Util.html_escape(value) : value
+        end
+      end
 
-      ActiveSupport::HtmlSafeTranslation.translate(key, **options, raise: i18n_raise)
+      ActiveSupport::HtmlSafeTranslation.translate(key, **options)
     end
     alias :t :translate
 
-    # Delegates to <tt>I18n.localize</tt>.
+    # Delegates to `I18n.localize`.
     def localize(object, **options)
       I18n.localize(object, **options)
     end

data/lib/abstract_controller/url_for.rb

@@ -1,12 +1,16 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module AbstractController
-  # Includes +url_for+ into the host class (e.g. an abstract controller or mailer). The class
-  # has to provide a +RouteSet+ by implementing the <tt>_routes</tt> methods. Otherwise, an
-  # exception will be raised.
+  # # URL For
+  #
+  # Includes `url_for` into the host class (e.g. an abstract controller or
+  # mailer). The class has to provide a `RouteSet` by implementing the `_routes`
+  # methods. Otherwise, an exception will be raised.
   #
-  # Note that this module is completely decoupled from HTTP - the only requirement is a valid
-  # <tt>_routes</tt> implementation.
+  # Note that this module is completely decoupled from HTTP - the only requirement
+  # is a valid `_routes` implementation.
   module UrlFor
     extend ActiveSupport::Concern
     include ActionDispatch::Routing::UrlFor

data/lib/abstract_controller.rb

@@ -1,9 +1,12 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "action_pack"
 require "active_support"
 require "active_support/rails"
 require "active_support/i18n"
+require "abstract_controller/deprecator"
 
 module AbstractController
   extend ActiveSupport::Autoload
@@ -24,5 +27,10 @@ module AbstractController
   def self.eager_load!
     super
     AbstractController::Caching.eager_load!
+    AbstractController::Base.descendants.each do |controller|
+      unless controller.abstract?
+        controller.eager_load!
+      end
+    end
   end
 end

data/lib/action_controller/api/api_rendering.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 module ActionController
   module ApiRendering
     extend ActiveSupport::Concern

data/lib/action_controller/api.rb

@@ -1,105 +1,108 @@
 # frozen_string_literal: true
 
+# :markup: markdown
+
 require "action_view"
 require "action_controller"
 require "action_controller/log_subscriber"
 
 module ActionController
-  # API Controller is a lightweight version of ActionController::Base,
-  # created for applications that don't require all functionalities that a complete
-  # \Rails controller provides, allowing you to create controllers with just the
-  # features that you need for API only applications.
-  #
-  # An API Controller is different from a normal controller in the sense that
-  # by default it doesn't include a number of features that are usually required
-  # by browser access only: layouts and templates rendering,
-  # flash, assets, and so on. This makes the entire controller stack thinner,
-  # suitable for API applications. It doesn't mean you won't have such
-  # features if you need them: they're all available for you to include in
-  # your application, they're just not part of the default API controller stack.
-  #
-  # Normally, +ApplicationController+ is the only controller that inherits from
-  # <tt>ActionController::API</tt>. All other controllers in turn inherit from
-  # +ApplicationController+.
+  # # Action Controller API
+  #
+  # API Controller is a lightweight version of ActionController::Base, created for
+  # applications that don't require all functionalities that a complete Rails
+  # controller provides, allowing you to create controllers with just the features
+  # that you need for API only applications.
+  #
+  # An API Controller is different from a normal controller in the sense that by
+  # default it doesn't include a number of features that are usually required by
+  # browser access only: layouts and templates rendering, flash, assets, and so
+  # on. This makes the entire controller stack thinner, suitable for API
+  # applications. It doesn't mean you won't have such features if you need them:
+  # they're all available for you to include in your application, they're just not
+  # part of the default API controller stack.
+  #
+  # Normally, `ApplicationController` is the only controller that inherits from
+  # `ActionController::API`. All other controllers in turn inherit from
+  # `ApplicationController`.
   #
   # A sample controller could look like this:
   #
-  #   class PostsController < ApplicationController
-  #     def index
-  #       posts = Post.all
-  #       render json: posts
+  #     class PostsController < ApplicationController
+  #       def index
+  #         posts = Post.all
+  #         render json: posts
+  #       end
   #     end
-  #   end
   #
   # Request, response, and parameters objects all work the exact same way as
   # ActionController::Base.
   #
-  # == Renders
+  # ## Renders
   #
-  # The default API Controller stack includes all renderers, which means you
-  # can use <tt>render :json</tt> and siblings freely in your controllers. Keep
-  # in mind that templates are not going to be rendered, so you need to ensure
-  # your controller is calling either <tt>render</tt> or <tt>redirect_to</tt> in
-  # all actions, otherwise it will return <tt>204 No Content</tt>.
+  # The default API Controller stack includes all renderers, which means you can
+  # use `render :json` and siblings freely in your controllers. Keep in mind that
+  # templates are not going to be rendered, so you need to ensure your controller
+  # is calling either `render` or `redirect_to` in all actions, otherwise it will
+  # return `204 No Content`.
   #
-  #   def show
-  #     post = Post.find(params[:id])
-  #     render json: post
-  #   end
+  #     def show
+  #       post = Post.find(params[:id])
+  #       render json: post
+  #     end
   #
-  # == Redirects
+  # ## Redirects
   #
   # Redirects are used to move from one action to another. You can use the
-  # <tt>redirect_to</tt> method in your controllers in the same way as in
+  # `redirect_to` method in your controllers in the same way as in
   # ActionController::Base. For example:
   #
-  #   def create
-  #     redirect_to root_url and return if not_authorized?
-  #     # do stuff here
-  #   end
+  #     def create
+  #       redirect_to root_url and return if not_authorized?
+  #       # do stuff here
+  #     end
   #
-  # == Adding New Behavior
+  # ## Adding New Behavior
   #
   # In some scenarios you may want to add back some functionality provided by
   # ActionController::Base that is not present by default in
-  # <tt>ActionController::API</tt>, for instance <tt>MimeResponds</tt>. This
-  # module gives you the <tt>respond_to</tt> method. Adding it is quite simple,
-  # you just need to include the module in a specific controller or in
-  # +ApplicationController+ in case you want it available in your entire
-  # application:
-  #
-  #   class ApplicationController < ActionController::API
-  #     include ActionController::MimeResponds
-  #   end
-  #
-  #   class PostsController < ApplicationController
-  #     def index
-  #       posts = Post.all
-  #
-  #       respond_to do |format|
-  #         format.json { render json: posts }
-  #         format.xml  { render xml: posts }
+  # `ActionController::API`, for instance `MimeResponds`. This module gives you
+  # the `respond_to` method. Adding it is quite simple, you just need to include
+  # the module in a specific controller or in `ApplicationController` in case you
+  # want it available in your entire application:
+  #
+  #     class ApplicationController < ActionController::API
+  #       include ActionController::MimeResponds
+  #     end
+  #
+  #     class PostsController < ApplicationController
+  #       def index
+  #         posts = Post.all
+  #
+  #         respond_to do |format|
+  #           format.json { render json: posts }
+  #           format.xml  { render xml: posts }
+  #         end
   #       end
   #     end
-  #   end
   #
-  # Make sure to check the modules included in ActionController::Base
-  # if you want to use any other functionality that is not provided
-  # by <tt>ActionController::API</tt> out of the box.
+  # Make sure to check the modules included in ActionController::Base if you want
+  # to use any other functionality that is not provided by `ActionController::API`
+  # out of the box.
   class API < Metal
     abstract!
 
-    # Shortcut helper that returns all the ActionController::API modules except
-    # the ones passed as arguments:
+    # Shortcut helper that returns all the ActionController::API modules except the
+    # ones passed as arguments:
     #
-    #   class MyAPIBaseController < ActionController::Metal
-    #     ActionController::API.without_modules(:UrlFor).each do |left|
-    #       include left
+    #     class MyAPIBaseController < ActionController::Metal
+    #       ActionController::API.without_modules(:UrlFor).each do |left|
+    #         include left
+    #       end
     #     end
-    #   end
     #
-    # This gives better control over what you want to exclude and makes it easier
-    # to create an API controller class, instead of listing the modules required
+    # This gives better control over what you want to exclude and makes it easier to
+    # create an API controller class, instead of listing the modules required
     # manually.
     def self.without_modules(*modules)
       modules = modules.map do |m|
@@ -119,24 +122,25 @@ module ActionController
       ConditionalGet,
       BasicImplicitRender,
       StrongParameters,
+      RateLimiting,
 
       DataStreaming,
       DefaultHeaders,
       Logging,
 
-      # Before callbacks should also be executed as early as possible, so
-      # also include them at the bottom.
+      # Before callbacks should also be executed as early as possible, so also include
+      # them at the bottom.
       AbstractController::Callbacks,
 
       # Append rescue at the bottom to wrap as much as possible.
       Rescue,
 
-      # Add instrumentations hooks at the bottom, to ensure they instrument
-      # all the methods properly.
+      # Add instrumentations hooks at the bottom, to ensure they instrument all the
+      # methods properly.
       Instrumentation,
 
-      # Params wrapper should come before instrumentation so they are
-      # properly showed in logs
+      # Params wrapper should come before instrumentation so they are properly showed
+      # in logs
       ParamsWrapper
     ]