responders 2.1.2 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8dce735a1e17c51056e99b880daafe35f666771f
-  data.tar.gz: 61548c0e60e01fa193a5b01ce93f21b1e9c5181f
+  metadata.gz: 7ba43cee72d6a197eff78818683a01dfe43814d3
+  data.tar.gz: 37ceb10a23ee46f1ec142176eee690c33a98b73d
 SHA512:
-  metadata.gz: 1c5e9f72023667804fbb1589dc4512db20e10a4cca06c643fdc85475c713fd16b6cef65936c3bbc1bbe7beba1460277f32b2f82973ab5f2080acce9ae9772260
-  data.tar.gz: 8bc67ddcb91fb1834483cd99e53f3cfd397b3639b9c0b022996ad2e77d06dcb501cab89a8f586c0f0fc224530ed952fecce88bf9680a9c62d7808e0492420a9a
+  metadata.gz: e198e8715fefd1e87c21d7a52ed255ad51445bdfe2eb83e0e8a5eb8845eae8d3b1e665217ce1ac6f836156abd1d56cff5a2082f48cfb6f44e3cabe875117125f
+  data.tar.gz: c59cbdaf34207e264e7551bdd700f2d9afe200fa29c2a31672d79debce0979853c76ee8ce0500347f5ee8fb19ebf8b86fc270a45add262d06b4d9c43c7c7ae17

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 2.2.0
+
+* Added the `verify_request_format!` method, that can be used as a `before_action`
+  callback to prevent your actions from being invoked when the controller does
+  not respond to the request mime type, preventing the execution of complex
+  queries or creating/deleting records from your app.
+
 ## 2.1.2
 
 * Fix rendering when using `ActionController::API`. (by @eLod)

data/README.md

@@ -17,7 +17,7 @@ Update your bundle and run the install generator:
     $ bundle install
     $ rails g responders:install
 
-If you are including this gem to support backwards compatibilty for responders in previous releases of Rails, you only need to include the gem and bundle. 
+If you are including this gem to support backwards compatibilty for responders in previous releases of Rails, you only need to include the gem and bundle.
 
     $ bundle install
 
@@ -188,7 +188,7 @@ to use `respond_with` instead of default `respond_to` blocks. From 2.1, you need
 
     config.app_generators.scaffold_controller :responders_controller
 
-#Failure handling
+## Failure handling
 
 Responders don't use `valid?` to check for errors in models to figure out if
 the request was successfull or not, and relies on your controllers to call
@@ -216,6 +216,29 @@ def create
 end
 ```
 
+## Verifying request formats
+
+`respond_with` will raise an `ActionController::UnknownFormat` if the request
+mime type was not configured through the class level `respond_to`, but the
+action will still be executed and any side effects (like creating a new record)
+will still occur. To raise the `UnknownFormat` exception before your action
+is invoked you can set the `verify_request_format!` method as a `before_action`
+on your controller.
+
+```ruby
+class WidgetsController < ApplicationController
+  respond_to :json
+  before_action :verify_request_format!
+
+  # POST /widgets.html won't reach the `create` action.
+  def create
+    widget = Widget.create(widget_params)
+    respond_with widget
+  end
+end
+
+```
+
 ## Examples
 
 Want more examples ? Check out this blog posts:

data/lib/action_controller/respond_with.rb

@@ -40,14 +40,14 @@ module ActionController #:nodoc:
         only_actions   = Array(options.delete(:only)).map(&:to_s)
         except_actions = Array(options.delete(:except)).map(&:to_s)
 
-        new = mimes_for_respond_to.dup
+        hash = mimes_for_respond_to.dup
         mimes.each do |mime|
           mime = mime.to_sym
-          new[mime]          = {}
-          new[mime][:only]   = only_actions   unless only_actions.empty?
-          new[mime][:except] = except_actions unless except_actions.empty?
+          hash[mime]          = {}
+          hash[mime][:only]   = only_actions   unless only_actions.empty?
+          hash[mime][:except] = except_actions unless except_actions.empty?
         end
-        self.mimes_for_respond_to = new.freeze
+        self.mimes_for_respond_to = hash.freeze
       end
 
       # Clear all mime types in <tt>respond_to</tt>.
@@ -193,7 +193,7 @@ module ActionController #:nodoc:
           "formats your controller responds to in the class level."
       end
 
-      mimes = collect_mimes_from_class_level()
+      mimes = collect_mimes_from_class_level
       collector = ActionController::MimeResponds::Collector.new(mimes, request.variant)
       block.call(collector) if block_given?
 
@@ -208,7 +208,24 @@ module ActionController #:nodoc:
       end
     end
 
-  protected
+    protected
+
+    # Before action callback that can be used to prevent requests that do not
+    # match the mime types defined through <tt>respond_to</tt> from being executed.
+    #
+    #   class PeopleController < ApplicationController
+    #     respond_to :html, :xml, :json
+    #
+    #     before_action :verify_request_format!
+    #   end
+    def verify_request_format!
+      mimes = collect_mimes_from_class_level
+      collector = ActionController::MimeResponds::Collector.new(mimes, request.variant)
+
+      unless collector.negotiate_format(request)
+        raise ActionController::UnknownFormat
+      end
+    end
 
     # Collect mimes declared in the class method respond_to valid for the
     # current action.

data/lib/responders/version.rb

@@ -1,3 +1,3 @@
 module Responders
-  VERSION = "2.1.2".freeze
+  VERSION = "2.2.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: responders
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.2.0
 platform: ruby
 authors:
 - José Valim
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-21 00:00:00.000000000 Z
+date: 2016-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties