I have a few questions regarding REST and the Authenticity Token. I’m
using a RESTful approach for my small project and everything worked fine
until I wanted to destroy a record.
Let’s say we have a listing of folders (a folder is just a record) and I
want to destroy one by using this link:
<%= link_to image_tag('icons/folder_delete.png'),
      { :url => folder_path(folder.name) },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>
How come the form generated for this link doesn’t contain an Authenticity
token? For all my other CRUD forms I also had to explicitly write the
<%= token_tag %>. This may be the right way, but I remember reading
something on this forum that the Authenticity token is generated
automatically for destroy links and forms.
Another thing that I would like answered is the RESTful URLs. In normal
CRUD actions you rely on the unique id of your record. My project is a
multi-user system where a user can create folders, etc. To make the URL
clearer for the user, I would like to use the name of a given folder
(record). That is why I use the following: folder_path(folder.name).
But in my controller, I can’t use redirect_to folder_url(@folder), so I
use something like
redirect_to(folder_path(session[:current_folder].name)) instead.
My question is: do I break some “REST rule” by doing this? Or is there a
better, cleaner way of displaying the folder names while still
using ids?
Looks like the Authenticity token problem was my bad.
But still I can’t seem to delete the record.
In my list, let’s say the root folder, I have several child folders. Next
to every child folder, I have a delete action:
<%= link_to image_tag('icons/folder_delete.png'),
      { :url => folder_path(folder) },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>
But for some reason, the id points to the folder I am in and not the
folder that I want to delete from the list.
<%= link_to image_tag('icons/folder_delete.png'),
      { :url => folder_path(folder) },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>
Forming the link like this
<%= link_to image_tag('icons/folder_delete.png'),
      { :action => 'destroy', :id => folder },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>
seems to work. But sometimes I still get the Authenticity Token error.
After a page refresh, everything is back in order. Can this be due to my
redirect?
Thank you for your good reply. It was certainly a dumb mistake on my
part with the link_to helper. I can’t believe I overlooked that.
You sure helped me in the right direction concerning using the name
attribute instead of the id. I have already changed everything back to
using ids and will change them back to using names after I tighten the
system.
My second problem with the Authenticity token was due to the fact that
the :secret in my application controller was not commented anymore. And
that gave some unexpected errors. Seems like I don’t understand the
whole Authenticity Token system yet. Can anyone provide me with a site
where I could read up on the subject in more detail?
It looks like the problem with your first attempt is that you are
using link_to_remote semantics with link_to. link_to_remote accepts
the ‘url’ option, but link_to expects you to provide the url either
as the first parameter (a string, possibly via a path statement) or
using the url_for parts like :controller and :action. That’s what
you’ve done in your latest version. You could format it with named
routes like this:
<%= link_to image_tag('icons/folder_delete.png'),
      folder_path(folder),
      { :method => :delete,
        :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" }
%>
If you want to use the folder name every time you refer to a
folder you can override the to_param method for your Folder class so
that it returns the folder name. By default it returns the record
id. Two caveats:
1. If you use the name rather than the id make sure you validate for
   uniqueness.
2. You’ll have to make sure you do some sanitizing for the name (e.g.,
   URLs cannot use a space and several other characters).
Could #2 be related to your occasional problem with deleting folders?
That is, does it happen consistently when you delete a folder with a
space in the name?
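
The two caveats in the reply above, worked through as an added example that is not part of the original thread and is not Rails' own code. It is plain Ruby with an in-memory store standing in for the folders table; `slug_for`, `Folder` and `FolderStore` are hypothetical names, and scoping names to an owner is an assumption based on the multi-user setup described earlier.

```ruby
# Plain-Ruby sketch (no Rails needed) of the two caveats: sanitize the name
# before it goes into a URL, and enforce uniqueness on the sanitized form.
# Folder, FolderStore and slug_for are hypothetical names for illustration.

# Reduce a folder name to characters that are safe in a URL path segment.
def slug_for(name)
  slug = name.to_s.downcase
             .gsub(/[^a-z0-9]+/, '-')   # spaces, slashes, dots, etc. become '-'
             .gsub(/\A-+|-+\z/, '')     # trim leading/trailing '-'
  raise ArgumentError, 'name has no URL-safe characters' if slug.empty?
  slug
end

Folder = Struct.new(:id, :owner, :name) do
  # Rails calls to_param when building folder_path(folder); by default it
  # returns the id. Here it returns the sanitized name instead.
  def to_param
    slug_for(name)
  end
end

# In-memory stand-in for the folders table.
class FolderStore
  def initialize
    @folders = []
  end

  # Uniqueness is checked on the slug, not the raw name: "My Files" and
  # "my-files" are different names but would produce the same URL.
  def create(owner, name)
    slug = slug_for(name)
    if find_by_param(owner, slug)
      raise ArgumentError, "folder URL '#{slug}' already taken"
    end
    folder = Folder.new(@folders.size + 1, owner, name)
    @folders << folder
    folder
  end

  # Lookup used in place of find(params[:id]). Scoped to the owner
  # (assumption) so one user's URL cannot resolve to another user's folder.
  def find_by_param(owner, param)
    @folders.find { |f| f.owner == owner && f.to_param == param }
  end
end
```

Checking uniqueness on the raw name alone would let two folders share one URL, and a destroy request for that URL would then hit whichever record the lookup returns first.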