halorgium-actionpack 3.0.pre

data/lib/action_controller/metal/session.rb

@@ -0,0 +1,15 @@
+module ActionController
+  module Session
+    extend ActiveSupport::Concern
+
+    include RackConvenience
+
+    def session
+      @_request.session
+    end
+
+    def reset_session
+      @_request.reset_session
+    end
+  end
+end

data/lib/action_controller/metal/session_management.rb

@@ -0,0 +1,45 @@
+module ActionController #:nodoc:
+  module SessionManagement #:nodoc:
+    extend ActiveSupport::Concern
+
+    include ActionController::Configuration
+
+    module ClassMethods
+      # Set the session store to be used for keeping the session data between requests.
+      # By default, sessions are stored in browser cookies (<tt>:cookie_store</tt>),
+      # but you can also specify one of the other included stores (<tt>:active_record_store</tt>,
+      # <tt>:mem_cache_store</tt>, or your own custom class.
+      def session_store=(store)
+        if store == :active_record_store
+          self.session_store = ActiveRecord::SessionStore
+        else
+          @@session_store = store.is_a?(Symbol) ?
+            ActionDispatch::Session.const_get(store.to_s.camelize) :
+            store
+        end
+      end
+
+      # Returns the session store class currently used.
+      def session_store
+        if defined? @@session_store
+          @@session_store
+        else
+          ActionDispatch::Session::CookieStore
+        end
+      end
+
+      def session=(options = {})
+        self.session_store = nil if options.delete(:disabled)
+        session_options.merge!(options)
+      end
+
+      def session(*args)
+        ActiveSupport::Deprecation.warn(
+          "Disabling sessions for a single controller has been deprecated. " +
+          "Sessions are now lazy loaded. So if you don't access them, " +
+          "consider them off. You can still modify the session cookie " +
+          "options with request.session_options.", caller)
+      end
+    end
+  end
+end

data/lib/action_controller/metal/streaming.rb

@@ -0,0 +1,188 @@
+require 'active_support/core_ext/string/bytesize'
+
+module ActionController #:nodoc:
+  # Methods for sending arbitrary data and for streaming files to the browser,
+  # instead of rendering.
+  module Streaming
+    extend ActiveSupport::Concern
+
+    include ActionController::RenderingController
+
+    DEFAULT_SEND_FILE_OPTIONS = {
+      :type         => 'application/octet-stream'.freeze,
+      :disposition  => 'attachment'.freeze,
+      :stream       => true,
+      :buffer_size  => 4096,
+      :x_sendfile   => false
+    }.freeze
+
+    X_SENDFILE_HEADER = 'X-Sendfile'.freeze
+
+    protected
+      # Sends the file, by default streaming it 4096 bytes at a time. This way the
+      # whole file doesn't need to be read into memory at once. This makes it
+      # feasible to send even large files. You can optionally turn off streaming
+      # and send the whole file at once.
+      #
+      # Be careful to sanitize the path parameter if it is coming from a web
+      # page. <tt>send_file(params[:path])</tt> allows a malicious user to
+      # download any file on your server.
+      #
+      # Options:
+      # * <tt>:filename</tt> - suggests a filename for the browser to use.
+      #   Defaults to <tt>File.basename(path)</tt>.
+      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
+      #   either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json
+      # * <tt>:length</tt> - used to manually override the length (in bytes) of the content that
+      #   is going to be sent to the client. Defaults to <tt>File.size(path)</tt>.
+      # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
+      #   Valid values are 'inline' and 'attachment' (default).
+      # * <tt>:stream</tt> - whether to send the file to the user agent as it is read (+true+)
+      #   or to read the entire file before sending (+false+). Defaults to +true+.
+      # * <tt>:buffer_size</tt> - specifies size (in bytes) of the buffer used to stream the file.
+      #   Defaults to 4096.
+      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.
+      # * <tt>:url_based_filename</tt> - set to +true+ if you want the browser guess the filename from
+      #   the URL, which is necessary for i18n filenames on certain browsers
+      #   (setting <tt>:filename</tt> overrides this option).
+      # * <tt>:x_sendfile</tt> - uses X-Sendfile to send the file when set to +true+. This is currently
+      #   only available with Lighttpd/Apache2 and specific modules installed and activated. Since this
+      #   uses the web server to send the file, this may lower memory consumption on your server and
+      #   it will not block your application for further requests.
+      #   See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile and
+      #   http://tn123.ath.cx/mod_xsendfile/ for details. Defaults to +false+.
+      #
+      # The default Content-Type and Content-Disposition headers are
+      # set to download arbitrary binary files in as many browsers as
+      # possible.  IE versions 4, 5, 5.5, and 6 are all known to have
+      # a variety of quirks (especially when downloading over SSL).
+      #
+      # Simple download:
+      #
+      #   send_file '/path/to.zip'
+      #
+      # Show a JPEG in the browser:
+      #
+      #   send_file '/path/to.jpeg', :type => 'image/jpeg', :disposition => 'inline'
+      #
+      # Show a 404 page in the browser:
+      #
+      #   send_file '/path/to/404.html', :type => 'text/html; charset=utf-8', :status => 404
+      #
+      # Read about the other Content-* HTTP headers if you'd like to
+      # provide the user with more information (such as Content-Description) in
+      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11.
+      #
+      # Also be aware that the document may be cached by proxies and browsers.
+      # The Pragma and Cache-Control headers declare how the file may be cached
+      # by intermediaries.  They default to require clients to validate with
+      # the server before releasing cached responses.  See
+      # http://www.mnot.net/cache_docs/ for an overview of web caching and
+      # http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
+      # for the Cache-Control header spec.
+      def send_file(path, options = {}) #:doc:
+        raise MissingFile, "Cannot read file #{path}" unless File.file?(path) and File.readable?(path)
+
+        options[:length]   ||= File.size(path)
+        options[:filename] ||= File.basename(path) unless options[:url_based_filename]
+        send_file_headers! options
+
+        @performed_render = false
+
+        if options[:x_sendfile]
+          logger.info "Sending #{X_SENDFILE_HEADER} header #{path}" if logger
+          head options[:status], X_SENDFILE_HEADER => path
+        else
+          if options[:stream]
+            # TODO : Make render :text => proc {} work with the new base
+            render :status => options[:status], :text => Proc.new { |response, output|
+              logger.info "Streaming file #{path}" unless logger.nil?
+              len = options[:buffer_size] || 4096
+              File.open(path, 'rb') do |file|
+                while buf = file.read(len)
+                  output.write(buf)
+                end
+              end
+            }
+          else
+            logger.info "Sending file #{path}" unless logger.nil?
+            File.open(path, 'rb') { |file| render :status => options[:status], :text => file.read }
+          end
+        end
+      end
+
+      # Sends the given binary data to the browser. This method is similar to
+      # <tt>render :text => data</tt>, but also allows you to specify whether
+      # the browser should display the response as a file attachment (i.e. in a
+      # download dialog) or as inline data. You may also set the content type,
+      # the apparent file name, and other things.
+      #
+      # Options:
+      # * <tt>:filename</tt> - suggests a filename for the browser to use.
+      # * <tt>:type</tt> - specifies an HTTP content type. Defaults to 'application/octet-stream'. You can specify
+      #   either a string or a symbol for a registered type register with <tt>Mime::Type.register</tt>, for example :json
+      # * <tt>:disposition</tt> - specifies whether the file will be shown inline or downloaded.
+      #   Valid values are 'inline' and 'attachment' (default).
+      # * <tt>:status</tt> - specifies the status code to send with the response. Defaults to '200 OK'.
+      #
+      # Generic data download:
+      #
+      #   send_data buffer
+      #
+      # Download a dynamically-generated tarball:
+      #
+      #   send_data generate_tgz('dir'), :filename => 'dir.tgz'
+      #
+      # Display an image Active Record in the browser:
+      #
+      #   send_data image.data, :type => image.content_type, :disposition => 'inline'
+      #
+      # See +send_file+ for more information on HTTP Content-* headers and caching.
+      #
+      # <b>Tip:</b> if you want to stream large amounts of on-the-fly generated
+      # data to the browser, then use <tt>render :text => proc { ... }</tt>
+      # instead. See ActionController::Base#render for more information.
+      def send_data(data, options = {}) #:doc:
+        logger.info "Sending data #{options[:filename]}" if logger
+        send_file_headers! options.merge(:length => data.bytesize)
+        render :status => options[:status], :text => data
+      end
+
+    private
+      def send_file_headers!(options)
+        options.update(DEFAULT_SEND_FILE_OPTIONS.merge(options))
+        [:length, :type, :disposition].each do |arg|
+          raise ArgumentError, ":#{arg} option required" if options[arg].nil?
+        end
+
+        disposition = options[:disposition].dup || 'attachment'
+
+        disposition <<= %(; filename="#{options[:filename]}") if options[:filename]
+
+        content_type = options[:type]
+
+        if content_type.is_a?(Symbol)
+          raise ArgumentError, "Unknown MIME type #{options[:type]}" unless Mime::EXTENSION_LOOKUP.key?(content_type.to_s)
+          self.content_type = Mime::Type.lookup_by_extension(content_type.to_s)
+        else
+          self.content_type = content_type
+        end
+
+        headers.merge!(
+          'Content-Length'            => options[:length].to_s,
+          'Content-Disposition'       => disposition,
+          'Content-Transfer-Encoding' => 'binary'
+        )
+
+        response.sending_file = true
+
+        # Fix a problem with IE 6.0 on opening downloaded files:
+        # If Cache-Control: no-cache is set (which Rails does by default),
+        # IE removes the file it just downloaded from its cache immediately
+        # after it displays the "open/save" dialog, which means that if you
+        # hit "open" the file isn't there anymore when the application that
+        # is called for handling the download is run, so let's workaround that
+        response.cache_control[:public] ||= false
+      end
+  end
+end

data/lib/action_controller/metal/testing.rb

@@ -0,0 +1,39 @@
+module ActionController
+  module Testing
+    extend ActiveSupport::Concern
+
+    include RackConvenience
+
+    # OMG MEGA HAX
+    def process_with_new_base_test(request, response)
+      @_request = request
+      @_response = response
+      @_response.request = request
+      ret = process(request.parameters[:action])
+      @_response.body ||= self.response_body
+      @_response.prepare!
+      set_test_assigns
+      ret
+    end
+
+    def set_test_assigns
+      @assigns = {}
+      (instance_variable_names - self.class.protected_instance_variables).each do |var|
+        name, value = var[1..-1], instance_variable_get(var)
+        @assigns[name] = value
+      end
+    end
+
+    # TODO : Rewrite tests using controller.headers= to use Rack env
+    def headers=(new_headers)
+      @_response ||= ActionDispatch::Response.new
+      @_response.headers.replace(new_headers)
+    end
+
+    module ClassMethods
+      def before_filters
+        _process_action_callbacks.find_all{|x| x.kind == :before}.map{|x| x.name}
+      end
+    end
+  end
+end

data/lib/action_controller/metal/url_for.rb

@@ -0,0 +1,41 @@
+module ActionController
+  module UrlFor
+    extend ActiveSupport::Concern
+
+    include RackConvenience
+
+    # Overwrite to implement a number of default options that all url_for-based methods will use. The default options should come in
+    # the form of a hash, just like the one you would use for url_for directly. Example:
+    #
+    #   def default_url_options(options)
+    #     { :project => @project.active? ? @project.url_name : "unknown" }
+    #   end
+    #
+    # As you can infer from the example, this is mostly useful for situations where you want to centralize dynamic decisions about the
+    # urls as they stem from the business domain. Please note that any individual url_for call can always override the defaults set
+    # by this method.
+    def default_url_options(options = nil)
+    end
+
+    def rewrite_options(options) #:nodoc:
+      if defaults = default_url_options(options)
+        defaults.merge(options)
+      else
+        options
+      end
+    end
+
+    def url_for(options = {})
+      options ||= {}
+      case options
+        when String
+          options
+        when Hash
+          @url ||= UrlRewriter.new(request, params)
+          @url.rewrite(rewrite_options(options))
+        else
+          polymorphic_url(options)
+      end
+    end
+  end
+end

data/lib/action_controller/metal/verification.rb

@@ -0,0 +1,130 @@
+module ActionController #:nodoc:
+  module Verification #:nodoc:
+    extend ActiveSupport::Concern
+
+    include AbstractController::Callbacks, Session, Flash, RenderingController
+
+    # This module provides a class-level method for specifying that certain
+    # actions are guarded against being called without certain prerequisites
+    # being met. This is essentially a special kind of before_filter.
+    #
+    # An action may be guarded against being invoked without certain request
+    # parameters being set, or without certain session values existing.
+    #
+    # When a verification is violated, values may be inserted into the flash, and
+    # a specified redirection is triggered. If no specific action is configured,
+    # verification failures will by default result in a 400 Bad Request response.
+    #
+    # Usage:
+    #
+    #   class GlobalController < ActionController::Base
+    #     # Prevent the #update_settings action from being invoked unless
+    #     # the 'admin_privileges' request parameter exists. The
+    #     # settings action will be redirected to in current controller
+    #     # if verification fails.
+    #     verify :params => "admin_privileges", :only => :update_post,
+    #            :redirect_to => { :action => "settings" }
+    #
+    #     # Disallow a post from being updated if there was no information
+    #     # submitted with the post, and if there is no active post in the
+    #     # session, and if there is no "note" key in the flash. The route
+    #     # named category_url will be redirected to if verification fails.
+    #
+    #     verify :params => "post", :session => "post", "flash" => "note",
+    #            :only => :update_post,
+    #            :add_flash => { "alert" => "Failed to create your message" },
+    #            :redirect_to => :category_url
+    #
+    # Note that these prerequisites are not business rules. They do not examine 
+    # the content of the session or the parameters. That level of validation should
+    # be encapsulated by your domain model or helper methods in the controller.
+    module ClassMethods
+      # Verify the given actions so that if certain prerequisites are not met,
+      # the user is redirected to a different action. The +options+ parameter
+      # is a hash consisting of the following key/value pairs:
+      #
+      # <tt>:params</tt>:: 
+      #   a single key or an array of keys that must be in the <tt>params</tt> 
+      #   hash in order for the action(s) to be safely called.
+      # <tt>:session</tt>:: 
+      #   a single key or an array of keys that must be in the <tt>session</tt> 
+      #   in order for the action(s) to be safely called.
+      # <tt>:flash</tt>:: 
+      #   a single key or an array of keys that must be in the flash in order 
+      #   for the action(s) to be safely called.
+      # <tt>:method</tt>:: 
+      #   a single key or an array of keys--any one of which must match the 
+      #   current request method in order for the action(s) to be safely called. 
+      #   (The key should be a symbol: <tt>:get</tt> or <tt>:post</tt>, for 
+      #   example.)
+      # <tt>:xhr</tt>:: 
+      #   true/false option to ensure that the request is coming from an Ajax 
+      #   call or not. 
+      # <tt>:add_flash</tt>:: 
+      #   a hash of name/value pairs that should be merged into the session's 
+      #   flash if the prerequisites cannot be satisfied.
+      # <tt>:add_headers</tt>:: 
+      #   a hash of name/value pairs that should be merged into the response's 
+      #   headers hash if the prerequisites cannot be satisfied.
+      # <tt>:redirect_to</tt>:: 
+      #   the redirection parameters to be used when redirecting if the 
+      #   prerequisites cannot be satisfied. You can redirect either to named 
+      #   route or to the action in some controller.
+      # <tt>:render</tt>:: 
+      #   the render parameters to be used when the prerequisites cannot be satisfied.
+      # <tt>:only</tt>:: 
+      #   only apply this verification to the actions specified in the associated 
+      #   array (may also be a single value).
+      # <tt>:except</tt>:: 
+      #   do not apply this verification to the actions specified in the associated 
+      #   array (may also be a single value).
+      def verify(options={})
+        before_filter :only => options[:only], :except => options[:except] do
+          verify_action options
+        end
+      end
+    end
+
+  private
+
+    def verify_action(options) #:nodoc:
+      if prereqs_invalid?(options)
+        flash.update(options[:add_flash])              if options[:add_flash]
+        response.headers.merge!(options[:add_headers]) if options[:add_headers]
+        apply_remaining_actions(options)               unless performed?
+      end
+    end
+    
+    def prereqs_invalid?(options) # :nodoc:
+      verify_presence_of_keys_in_hash_flash_or_params(options) || 
+      verify_method(options) || 
+      verify_request_xhr_status(options)
+    end
+ 
+    def verify_presence_of_keys_in_hash_flash_or_params(options) # :nodoc:
+      [*options[:params] ].find { |v| v && params[v.to_sym].nil?  } ||
+      [*options[:session]].find { |v| session[v].nil? } ||
+      [*options[:flash]  ].find { |v| flash[v].nil?   }
+    end
+    
+    def verify_method(options) # :nodoc:
+      [*options[:method]].all? { |v| request.method != v.to_sym } if options[:method]
+    end
+    
+    def verify_request_xhr_status(options) # :nodoc:
+      request.xhr? != options[:xhr] unless options[:xhr].nil?
+    end
+    
+    def apply_redirect_to(redirect_to_option) # :nodoc:
+      (redirect_to_option.is_a?(Symbol) && redirect_to_option != :back) ? self.__send__(redirect_to_option) : redirect_to_option
+    end
+    
+    def apply_remaining_actions(options) # :nodoc:
+      case
+        when options[:render]      ; render(options[:render])
+        when options[:redirect_to] ; redirect_to(apply_redirect_to(options[:redirect_to]))
+        else head(:bad_request)
+      end
+    end
+  end
+end