merb-core 0.9.5 → 0.9.6

data/lib/merb-core/controller/abstract_controller.rb

@@ -27,7 +27,7 @@
 #   before :some_filter
 #   before :authenticate, :exclude => [:login, :signup]
 #   before :has_role, :with => ["Admin"], :exclude => [:index, :show]
-#   before Proc.new {|c| c.some_method }, :only => :foo
+#   before Proc.new { some_method }, :only => :foo
 #   before :authorize, :unless => :logged_in?  
 #
 # You can use either <code>:only => :actionname</code> or 
@@ -64,8 +64,8 @@
 #   If the second arg is a Proc, it will be called and its return
 #   value will be what is rendered to the browser:
 #
-#     throw :halt, proc {|c| c.access_denied }
-#     throw :halt, proc {|c| Tidy.new(c.index) }
+#     throw :halt, proc { access_denied }
+#     throw :halt, proc { Tidy.new(c.index) }
 #
 # ===== Filter Options (.before, .after, .add_filter, .if, .unless)
 # :only<Symbol, Array[Symbol]>::
@@ -98,6 +98,7 @@ class Merb::AbstractController
   
   class_inheritable_accessor :_layout, :_template_root, :template_roots
   class_inheritable_accessor :_before_filters, :_after_filters
+  class_inheritable_accessor :_before_dispatch_callbacks, :_after_dispatch_callbacks
 
   cattr_accessor :_abstract_subclasses
 
@@ -113,6 +114,7 @@ class Merb::AbstractController
   FILTER_OPTIONS = [:only, :exclude, :if, :unless, :with]
 
   self._before_filters, self._after_filters = [], []
+  self._before_dispatch_callbacks, self._after_dispatch_callbacks = [], []
 
   #---
   # We're using abstract_subclasses so that Merb::Controller can have its
@@ -217,7 +219,7 @@ class Merb::AbstractController
         include Object.full_const_get("#{helper_module_name}") rescue nil
       HERE
       super
-    end
+    end    
   end
   
   # ==== Parameters
@@ -228,7 +230,7 @@ class Merb::AbstractController
     @_template_stack = []
   end
   
-  # This will dispatch the request, calling setup_session and finalize_session
+  # This will dispatch the request, calling internal before/after dispatch_callbacks
   # 
   # ==== Parameters
   # action<~to_s>::
@@ -238,7 +240,7 @@ class Merb::AbstractController
   # ==== Raises
   # MerbControllerError:: Invalid body content caught.
   def _dispatch(action)
-    setup_session
+    self._before_dispatch_callbacks.each { |cb| cb.call(self) }
     self.action_name = action
     
     caught = catch(:halt) do
@@ -253,14 +255,16 @@ class Merb::AbstractController
     when String                   then caught
     when nil                      then _filters_halted
     when Symbol                   then __send__(caught)
-    when Proc                     then caught.call(self)
+    when Proc                     then self.instance_eval(&caught)
     else
       raise ArgumentError, "Threw :halt, #{caught}. Expected String, nil, Symbol, Proc."
     end
     start = Time.now
     _call_filters(_after_filters)
     @_benchmarks[:after_filters_time] = Time.now - start if _after_filters
-    finalize_session
+    
+    self._after_dispatch_callbacks.each { |cb| cb.call(self) }
+    
     @body
   end
   
@@ -298,7 +302,7 @@ class Merb::AbstractController
           else
             send(filter)
           end
-        when Proc           then self.instance_eval(&filter)
+        when Proc then self.instance_eval(&filter)
         end
       end
     end
@@ -360,7 +364,7 @@ class Merb::AbstractController
   def _evaluate_condition(condition)
     case condition
     when Symbol : self.send(condition)
-    when Proc : condition.call(self)
+    when Proc : self.instance_eval(&condition)
     else
       raise ArgumentError,
             'Filter condtions need to be either a Symbol or a Proc'
@@ -412,14 +416,6 @@ class Merb::AbstractController
   #---
   # Defaults that can be overridden by plugins, other mixins, or subclasses
   def _filters_halted()   "<html><body><h1>Filter Chain Halted!</h1></body></html>"  end
-
-  # Method stub for setting up the session. This will be overriden by session
-  # modules.
-  def setup_session()    end
-
-  # Method stub for finalizing up the session. This will be overriden by
-  # session modules.
-  def finalize_session() end  
   
   # ==== Parameters
   # name<~to_sym, Hash>:: The name of the URL to generate.
@@ -453,11 +449,24 @@ class Merb::AbstractController
   # ==== Returns
   # String:: The generated url with protocol + hostname + URL.
   #
+  # ==== Options
+  #
+  # :protocol and :host options are special: use them to explicitly
+  # specify protocol and host of resulting url. If you omit them,
+  # protocol and host of request are used.
+  #
   # ==== Alternatives
   # If a hash is used as the first argument, a default route will be
   # generated based on it and rparams.
   def absolute_url(name, rparams={})
-    request.protocol + request.host + url(name, rparams)
+    # FIXME: arrgh, why request.protocol returns http://?
+    # :// is not part of protocol name
+    protocol = rparams.delete(:protocol)
+    protocol << "://" if protocol
+    
+    (protocol || request.protocol) +
+      (rparams.delete(:host) || request.host) +
+      url(name, rparams)
   end
 
   # Calls the capture method for the selected template engine.
@@ -506,9 +515,14 @@ class Merb::AbstractController
     end
 
     opts = normalize_filters!(opts)
-
+    
     case filter
-    when Symbol, Proc, String
+    when Proc
+      # filters with procs created via class methods have identical signature
+      # regardless if they handle content differently or not. So procs just
+      # get appended
+      filters << [filter, opts]
+    when Symbol, String
       if existing_filter = filters.find {|f| f.first.to_s[filter.to_s]}
         filters[ filters.index(existing_filter) ] = [filter, opts]
       else

data/lib/merb-core/controller/merb_controller.rb

@@ -1,24 +1,19 @@
 class Merb::Controller < Merb::AbstractController
 
-  class_inheritable_accessor :_hidden_actions, :_shown_actions,
-                             :_session_id_key, :_session_secret_key, :_session_expiry, :_session_cookie_domain
+  class_inheritable_accessor :_hidden_actions, :_shown_actions
 
   self._hidden_actions ||= []
-  self._shown_actions ||= []
-  
+  self._shown_actions  ||= []
+
   cattr_accessor :_subclasses
   self._subclasses = Set.new
 
   def self.subclasses_list() _subclasses end
 
-  self._session_secret_key = nil
-  self._session_id_key = Merb::Config[:session_id_key] || '_session_id'
-  self._session_expiry = Merb::Config[:session_expiry] || Merb::Const::WEEK * 2
-  self._session_cookie_domain = Merb::Config[:session_cookie_domain]
-
   include Merb::ResponderMixin
   include Merb::ControllerMixin
   include Merb::AuthenticationMixin
+  include Merb::ConditionalGetMixin
 
   class << self
 
@@ -102,7 +97,7 @@ class Merb::Controller < Merb::AbstractController
     end
 
     private
-    
+
     # All methods that are callable as actions.
     #
     # ==== Returns
@@ -140,15 +135,15 @@ class Merb::Controller < Merb::AbstractController
   def _template_location(context, type, controller)
     _conditionally_append_extension(controller ? "#{controller}/#{context}" : "#{context}", type)
   end
-  
-  # The location to look for a template and mime-type. This is overridden 
-  # from AbstractController, which defines a version of this that does not 
+
+  # The location to look for a template and mime-type. This is overridden
+  # from AbstractController, which defines a version of this that does not
   # involve mime-types.
   #
   # ==== Parameters
-  # template<String>:: 
+  # template<String>::
   #    The absolute path to a template - without mime and template extension.
-  #    The mime-type extension is optional - it will be appended from the 
+  #    The mime-type extension is optional - it will be appended from the
   #    current content type if it hasn't been added already.
   # type<~to_s>::
   #    The mime-type of the template that will be rendered. Defaults to nil.
@@ -163,11 +158,8 @@ class Merb::Controller < Merb::AbstractController
   # Sets the variables that came in through the dispatch as available to
   # the controller.
   #
-  # This method uses the :session_id_cookie_only and :query_string_whitelist
-  # configuration options. See CONFIG for more details.
-  #
   # ==== Parameters
-  # request<Merb::Request>:: The Merb::Request that came in from Mongrel.
+  # request<Merb::Request>:: The Merb::Request that came in from Rack.
   # status<Integer>:: An integer code for the status. Defaults to 200.
   # headers<Hash{header => value}>::
   #   A hash of headers to start the controller with. These headers can be
@@ -204,7 +196,7 @@ class Merb::Controller < Merb::AbstractController
   end
 
   attr_reader :request, :headers
-  
+
   def status
     @_status
   end
@@ -227,20 +219,6 @@ class Merb::Controller < Merb::AbstractController
   # Hash:: The parameters from the request object
   def params()  request.params  end
 
-  # ==== Returns
-  # Merb::Cookies::
-  #   A new Merb::Cookies instance representing the cookies that came in
-  #   from the request object
-  #
-  # ==== Notes
-  # Headers are passed into the cookie object so that you can do:
-  #   cookies[:foo] = "bar"
-  def cookies() @_cookies ||= _setup_cookies end
-
-  # ==== Returns
-  # Hash:: The session that was extracted from the request object.
-  def session() request.session end
-  
   # The results of the controller's render, to be returned to Rack.
   #
   # ==== Returns
@@ -249,19 +227,14 @@ class Merb::Controller < Merb::AbstractController
   def rack_response
     [status, headers, body]
   end
-  
+
   # Hide any methods that may have been exposed as actions before.
   hide_action(*_callable_methods)
-  
+
   private
 
   # If not already added, add the proper mime extension to the template path.
   def _conditionally_append_extension(template, type)
     type && !template.match(/\.#{type.to_s.escape_regexp}$/) ? "#{template}.#{type}" : template
   end
-
-  # Create a default cookie jar, and pre-set a fixation cookie if fixation is enabled.
-  def _setup_cookies
-    ::Merb::Cookies.new(request.cookies, @headers)
-  end
-end
+end

data/lib/merb-core/controller/mixins/authentication.rb

@@ -45,10 +45,27 @@ module Merb::AuthenticationMixin
   #     
   #     end
   #
+  # If you need to request basic authentication inside an action you need to use the request! method.
+  #
+  # ====Example
+  #
+  #    class Sessions < Application
+  #  
+  #      def new
+  #        case content_type
+  #        when :html
+  #          render
+  #        else
+  #          basic_authentication.request!
+  #        end
+  #      end
+  # 
+  #    end 
+  #
   #---
   # @public
   def basic_authentication(realm = "Application", &authenticator)
-    BasicAuthentication.new(self, realm, &authenticator)
+    @_basic_authentication ||= BasicAuthentication.new(self, realm, &authenticator)
   end
   
   class BasicAuthentication
@@ -58,24 +75,43 @@ module Merb::AuthenticationMixin
     def initialize(controller, realm = "Application", &authenticator)
       @controller = controller
       @realm = realm
+      @auth = Rack::Auth::Basic::Request.new(@controller.request.env)
       authenticate_or_request(&authenticator) if authenticator
     end
 
     def authenticate(&authenticator)
-      auth = Rack::Auth::Basic::Request.new(@controller.request.env)
-
-      if auth.provided? and auth.basic?
-        authenticator.call(*auth.credentials)
+      if @auth.provided? and @auth.basic?
+        authenticator.call(*@auth.credentials)
       else
         false
       end
     end
 
     def request
-      @controller.headers['WWW-Authenticate'] = 'Basic realm="%s"' % @realm
+      request!
       throw :halt, @controller.render("HTTP Basic: Access denied.\n", :status => Unauthorized.status, :layout => false)
     end
     
+    # This is a special case for use outside a before filter.  Use this if you need to 
+    # request basic authenticaiton as part of an action
+    def request!
+      @controller.status = Unauthorized.status
+      @controller.headers['WWW-Authenticate'] = 'Basic realm="%s"' % @realm
+    end
+    
+    # Checks to see if there has been any basic authentication credentials provided
+    def provided?
+      @auth.provided?
+    end
+    
+    def username
+      provided? ? @auth.credentials.first : nil
+    end
+    
+    def password
+      provided? ? @auth.credentials.last : nil
+    end
+    
     protected
     
     def authenticate_or_request(&authenticator)

data/lib/merb-core/controller/mixins/conditional_get.rb

@@ -0,0 +1,83 @@
+# Provides conditional get support in Merb core.
+# Conditional get support is intentionally
+# simple and does not do fancy stuff like making
+# ETag value from Ruby objects for you.
+#
+# The most interesting method for end user is
+# +request_fresh?+ that is used after setting of
+# last modification time or ETag:
+#
+# ==== Example
+#
+# def show
+#   self.etag = Digest::SHA1.hexdigest(calculate_cache_key(params))
+#
+#   if request_fresh?
+#     self.status = 304
+#     return ''
+#   else
+#     @product = Product.get(params[:id])
+#     display @product
+#   end
+# end
+module Merb::ConditionalGetMixin
+
+  # Sets ETag response header by calling
+  # #to_s on the argument.
+  #
+  # ==== Parameters
+  # tag<~to_s>::
+  #   value of ETag header enclosed in double quotes
+  #   as required by the RFC
+  def etag=(tag)
+    headers[Merb::Const::ETAG] = %("#{tag}")
+  end
+
+  # ==== Returns
+  # <String>::
+  #   Value of ETag response header or nil if it's not set.
+  def etag
+    headers[Merb::Const::ETAG]
+  end
+
+  # ==== Returns
+  # <Boolean>::
+  # true if ETag response header equals If-None-Match request header,
+  # false otherwise
+  def etag_matches?(tag = self.etag)
+    tag == self.request.if_none_match
+  end
+
+  # Sets Last-Modified response header.
+  #
+  # ==== Parameters
+  # tag<Time>::
+  # resource modification timestamp converted into format
+  # required by the RFC
+  def last_modified=(time)
+    headers[Merb::Const::LAST_MODIFIED] = time.httpdate
+  end
+
+  # ==== Returns
+  # <String>::
+  #   Value of Last-Modified response header or nil if it's not set.
+  def last_modified
+    Time.rfc2822(headers[Merb::Const::LAST_MODIFIED])
+  end
+
+  # ==== Returns
+  # <Boolean>::
+  # true if Last-Modified response header is < than
+  # If-Modified-Since request header value, false otherwise.
+  def not_modified?(time = self.last_modified)
+    request.if_modified_since && time && time <= request.if_modified_since
+  end
+
+  # ==== Returns
+  # <Boolean>::
+  # true if either ETag matches or entity is not modified,
+  # so request is fresh; false otherwise
+  def request_fresh?
+    etag_matches?(self.etag) || not_modified?(self.last_modified)
+  end
+end

data/lib/merb-core/controller/mixins/render.rb

@@ -41,7 +41,7 @@ module Merb::RenderMixin
     # ==== Returns
     # Hash:: The default render options.
     def layout(layout)
-      self.default_render_options.update(:layout => (layout ? layout : false))
+      self.default_render_options.update(:layout => (layout || false))
     end
 
     # Enable the default layout logic - reset the layout option.
@@ -95,7 +95,7 @@ module Merb::RenderMixin
     thing ||= action_name.to_sym
 
     # Content negotiation
-    opts[:format] ? (self.content_type = opts[:format]) : content_type
+    self.content_type = opts[:format] if opts[:format]
 
     # Handle options (:status)
     _handle_options!(opts)
@@ -189,7 +189,7 @@ module Merb::RenderMixin
   # explicitly passed in the opts.
   #
   def display(object, thing = nil, opts = {})
-    template_opt = opts.delete(:template)
+    template_opt = thing.is_a?(Hash) ? thing.delete(:template) : opts.delete(:template)
 
     case thing
     # display @object, "path/to/foo" means display @object, nil, :template => "path/to/foo"

data/lib/merb-core/core_ext/kernel.rb

@@ -37,27 +37,14 @@ module Kernel
   #   If the gem cannot be found, the method will attempt to require the string
   #   as a library.
   def load_dependency(name, *ver)
-    try_framework = Merb.frozen?
     begin
-      # If this is a piece of merb, and we're frozen, try to require
-      # first, so we can pick it up from framework/,
-      # otherwise try activating the gem
-      if name =~ /^merb/ && try_framework
-        require name
-      else
-        gem(name, *ver) if ver
-        require name
-        Merb.logger.info!("loading gem '#{name}' ...")
-      end
+      gem(name, *ver) if ver
+      require name
+      Merb.logger.info!("loading gem '#{name}' ...")
     rescue LoadError
-      if try_framework
-        try_framework = false
-        retry
-      else
-        Merb.logger.info!("loading gem '#{name}' ...")
-        # Failed requiring as a gem, let's try loading with a normal require.
-        require name
-      end
+      Merb.logger.info!("loading gem '#{name}' ...")
+      # Failed requiring as a gem, let's try loading with a normal require.
+      require name
     end
   end