Forum: Ruby on Rails Question on routes and default routes

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Rails D. (Guest)
on 2009-03-15 18:25
Say I have a destroy action configured as the following

map.foo '/foos/:id', :controller => 'foos', :action => 'show',
:conditions => { :method => :get }
map.foo '/foos/:id', :controller => 'foos', :action => 'destroy',
:conditions => { :method => :delete }

Get on foos/:id goes to show and delete on foos/:id goes to destroy.
Nice and restful so all good so far.

But now say if i have the following default route in my routes.rb

map.connect ':controller/:action/:id'

Now someone can explicitly type in the url http://.../foos/destroy/123
and it will go to my destroy action in controller foos although this
action should only be accessed by a POST/DELETE not a GET.

Is there anyway to prevent a get on that action other than checking
within the controller itself?

def destroy
  return home_url unless method.delete?
  ...
end

Thanks!
Brandon O. (Guest)
on 2009-03-15 22:15
(Received via mailing list)
Hi,

I'm kind of new to rails, but I'm pretty sure it is suggested that you
remove those defaults, and only create routes explicitly.

Thanks,
Brandon
Bob M. (Guest)
on 2009-03-15 22:35
(Received via mailing list)
If you are going to go with a Restful design, why not just you
map.resources?

On Mar 15, 11:25 am, Rails D. <removed_email_address@domain.invalid>
"Wolas!" (Guest)
on 2009-03-16 13:20
(Received via mailing list)
It is NOT suggested that the defaults be removed like Brandond says.

It IS suggested that you use map.resources :foos. Which will give you
what you want.

if you, however, want to check explicitely for the method of and
action you can do things like:

def some_action
    render(:text => "you shouldnt be trying this") and return unless
reques.post?
    ....
    ....
end
This topic is locked and can not be replied to.