Is there anything built in to the framework to validate action input,
and perhaps even output?
That is, before I start executing my actions, to make sure certain
parameters are passed, others aren't, and that some are in a certain
format. I don't always want that pushed down to the model (and there
isn't always a model.)
For instance:
validates_param_present :say_hi, :name
validates_param_format :say_hi, :name, :with => /[A-Za-z]+/
def say_hi(name)
"hi #{name}"
end
Perhaps it's better to j
This could easily be implemented with before filters, etc. Or could
be done within the action:
def say_hi(name)
validate_param_present :name
validate_param_format :name, :with => /[A-Za-z]+/
end
Just wondering if it is already in the framework or there are plans
for it.
My particular need right now is to protect against spoofing in a
reliable way. I am actually working with a model in this case, so it
would need to be something more like:
validates_param_not_present :register, [:user, :admin]
(which would make sure {:user => { :admin => 1 }} wasn't passed)
or maybe
validates_param_not_present [:user, :admin] # to validate ALL actions
or even
validates_params_only :register, [:user =>
[:email, :first_name, :last_name]]
Initially this thought was inspired by the fact that DataMapper does
not support protected attributes on mass-assign, the way ActiveRecord
does. Right now, User.new(params[:user]) is highly unsafe if there
are any sensitive properties of User.
Perhaps this is better supported at the action input level.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"merb" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/merb?hl=en
-~----------~----~----~----~------~----~------~--~---
