Say I have a destroy action configured as follows:
  map.foo '/foos/:id', :controller => 'foos', :action => 'show',
    :conditions => { :method => :get }
  map.foo '/foos/:id', :controller => 'foos', :action => 'destroy',
    :conditions => { :method => :delete }
A GET on foos/:id goes to show and a DELETE on foos/:id goes to destroy.
Nice and RESTful, so all good so far.
But now say I have the following default route in my routes.rb:
  map.connect ':controller/:action/:id'
Now someone can explicitly type in the URL http://.../foos/destroy/123
and it will go to my destroy action in controller foos, although this
action should only be accessed by a POST/DELETE, not a GET.
Is there any way to prevent a GET on that action other than checking
within the controller itself?
  def destroy
    # Refuse anything other than an HTTP DELETE before doing any work
    return redirect_to(home_url) unless request.delete?
    ...
  end
Thanks!
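The route resolution described in the post above, as an added example that is not part of the original message: a simplified, self-contained Ruby model (not Rails' actual router) showing why the catch-all route lets a GET reach destroy and how auditing the route table reveals it. The names Route, resolve and get_reachable are hypothetical.

```ruby
# Simplified model of ordered route matching (constructed for illustration;
# this is not Rails' router, only enough of its behaviour to show the problem).
Route = Struct.new(:pattern, :defaults, :verb) do
  # Returns the resolved params hash, or nil when this route does not apply.
  def match(verb, path)
    return nil if self.verb && self.verb != verb   # verb condition, if any
    keys = pattern.split('/').reject(&:empty?)
    segs = path.split('/').reject(&:empty?)
    return nil unless keys.size == segs.size
    params = defaults.dup
    keys.zip(segs).each do |key, seg|
      if key.start_with?(':')
        params[key[1..-1].to_sym] = seg            # dynamic segment
      elsif key != seg
        return nil                                 # static segment mismatch
      end
    end
    params
  end
end

# First matching route wins, mirroring top-to-bottom order in routes.rb.
def resolve(routes, verb, path)
  routes.each do |route|
    params = route.match(verb, path)
    return params if params
  end
  nil
end

# The two verb-restricted routes from the post, plus the default catch-all,
# which carries no :conditions and therefore accepts any HTTP method.
RESTFUL = [
  Route.new('/foos/:id', { controller: 'foos', action: 'show' }, :get),
  Route.new('/foos/:id', { controller: 'foos', action: 'destroy' }, :delete)
]
CATCH_ALL = Route.new(':controller/:action/:id', {}, nil)

# Audit helper: which state-changing actions can a plain GET still reach?
def get_reachable(routes, controller, actions, id = '123')
  actions.select do |action|
    hit = resolve(routes, :get, "/#{controller}/#{action}/#{id}")
    hit && hit[:action] == action
  end
end
```

In this model, get_reachable(RESTFUL + [CATCH_ALL], 'foos', ['destroy']) reports destroy as reachable, while the same audit over RESTFUL alone reports nothing.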