Imitate "Unknown action"?

Hi all

I’m integrating some basic authorization stuff. When a user hits
/countries/some_unknown_action, then Rails displays an “Unknown action”
message (in development mode). When an unauthorized user hits
/countries/action_that_needs_authorization, then I’d like Rails to
behave exactly the same way (because some error like “you don’t have
permission to…” would encourage hackers to re-attempt the action).

I already tried it with

return render(:file => "#{RAILS_ROOT}/public/404.html", :layout => false, :status => 404)

But I guess that’s not really the best way, because it’s hard-coded and
doesn’t rely on Rails’ own mechanism to display the 404 page. So I tried
it using

raise ActionController::UnknownAction

But it seems that this Exception is only used by the functional tests.
So what should I do to rely on Rails’ own mechanism to display the 404
page?

Thanks a lot
Josh

Oh, even cooler would be to distinguish between production and
development mode!

In development mode I’d like to display an Exception, and in
production/test mode it should behave like described above.

Wouldn’t anyone seeing that error just become confused as to why a
development-mode error message was being shown during a production
environment, though? This would encourage me to dig deeper than just a
‘get out of my stuff’ message.

On Nov 13, 2007 7:21 PM, Joshua M. wrote:

I already tried it with
But it seems that this Exception is only used by the functional tests.
So what should I do to rely on Rails’ own mechanism to display the 404
page?

Thanks a lot
Josh



Edd Morgan
http://www.eddm.co.uk
+44 (0) 7805 089097

Edd Morgan wrote:

Wouldn’t anyone seeing that error just become confused as to why a
development-mode error message was being shown during a production
environment, though? This would encourage me to dig deeper than just a
‘get out of my stuff’ message.

Well, maybe I confused some stuff in my post. In fact I just want to
imitate the same behavior that Rails shows when an unknown action is
called, independent of whether I’m in development or in production mode:

  • When in development mode, do what Rails would do
  • When in production mode, do what Rails would do

I then only added the useful exception (in my 2nd post) of displaying
some more info for developers so they can distinguish between really not
existing actions and not allowed actions.

Joshua M. wrote:

Oh, even cooler would be to distinguish between production and
development mode!

In development mode I’d like to display an Exception, and in
production/test mode it should behave like described above.

This may help:
ActionController::Rescue

Allows you to define what should happen when a controller raises an
exception that isn’t rescued both in development and production.

Daniel W. wrote:

Joshua M. wrote:

Oh, even cooler would be to distinguish between production and
development mode!

In development mode I’d like to display an Exception, and in
production/test mode it should behave like described above.

This may help:
ActionController::Rescue

Allows you to define what should happen when a controller raises an
exception that isn’t rescued both in development and production.

Thank you! But this is only the “counterpart” of what I want to do -
it’s the way to catch exceptions, but I want to throw one (I guess)…

Are you looking for raise?

raise "I blew up!"

-Bill

Joshua M. wrote:

This may help:
ActionController::Rescue

Allows you to define what should happen when a controller raises an
exception that isn’t rescued both in development and production.

Thank you! But this is only the “counterpart” of what I want to do -
it’s the way to catch exceptions, but I want to throw one (I guess)…


Sincerely,

William P.
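
An added example, not code from any poster in this thread: a plain-Ruby stand-in (no Rails) for raising a dedicated exception and rescuing it in one place, so that in production an unauthorized request and an unknown action return the same 404, while development keeps the exception detail. The names UnknownAction, NotAuthorized, CountriesController, dispatch and NOT_FOUND_PAGE are hypothetical, and the requests at the bottom are constructed.

```ruby
# Plain-Ruby model of the behaviour asked for in the thread (no Rails needed).
# All class and method names are hypothetical stand-ins, not Rails classes.
class UnknownAction < StandardError; end
class NotAuthorized < StandardError; end

class CountriesController
  PROTECTED = [:destroy].freeze # actions that require an admin

  def initialize(user)
    @user = user
  end

  def index;   "country list";    end
  def destroy; "country deleted"; end

  # Run the action, raising instead of rendering when something is off.
  def process(action)
    name  = action.to_sym
    known = self.class.public_instance_methods(false) - [:process]
    raise UnknownAction, "No action responded to #{action}" unless known.include?(name)
    if PROTECTED.include?(name) && !(@user && @user[:admin])
      raise NotAuthorized, "#{action} requires admin"
    end
    [200, public_send(name)]
  end
end

NOT_FOUND_PAGE = "The page you were looking for doesn't exist.".freeze

# Single rescue point: production collapses both failures into one 404,
# development keeps the exception class and message for the developer.
def dispatch(user, action, env)
  CountriesController.new(user).process(action)
rescue UnknownAction, NotAuthorized => e
  return [404, NOT_FOUND_PAGE] unless env == "development"
  [404, "#{e.class}: #{e.message}"]
end

# Constructed sample requests.
guest = nil
admin = { :admin => true }
p dispatch(guest, "destroy", "production")  # identical to the unknown action below
p dispatch(guest, "no_such", "production")
p dispatch(guest, "destroy", "development") # developer sees which exception fired
p dispatch(admin, "destroy", "production")
```

Comparing the two production responses for equality, status and body together, is a useful regression check: any difference between them tells a caller which protected actions exist.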