REST urls and Authenticity Token

Hi,

I have a few questions regarding REST and the Authenticity Token. I’m
using a RESTful approach for my small project and everything worked fine
until I wanted to destroy a record.

Let’s say we have a listing of folders (a folder is just a record) and I
want to destroy one by using this link:

<%= link_to image_tag('icons/folder_delete.png'),
      { :url => folder_path(folder.name) },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>

How come the form generated for this link doesn’t contain an Authenticity
token? For all my other crud forms I also had to explicitly write the
<%= token_tag %>. This may be the right way, but I remember reading
something on this forum that the Authenticity token is generated
automatically for destroy links and forms.

Another thing that I would like answered is the RESTful urls. In normal
crud actions you rely on the unique id of your record. My project is a
multi user system where a user can create folders, etc. To make the url
more clear for the user, I would like to use the name of a given folder
(record). That is why I use the following: folder_path(folder.name).

But in my controller, I can’t use redirect_to folder_url(@folder), so I
use something like
redirect_to(folder_path(session[:current_folder].name)) instead.
My question is: do I break some “REST rule” by doing this? Or is there a
better, cleaner way for displaying the folder names and still be
using ids?

Thank you in advance for your replies

Looks like the Authenticity token problem was my bad.

But still I can’t seem to delete the record.
In my list, let’s say the root folder, I have several child folders. Next
to every child folder, I have a delete action:

<%= link_to image_tag('icons/folder_delete.png'),
      { :url => folder_path(folder) },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>

But for some reason, the id points to the folder I am in and not the
folder that I want to delete from the list.

Did I make a wrong turn with REST?

Michael R. wrote:

<%= link_to image_tag('icons/folder_delete.png'),
      { :url => folder_path(folder) },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>

Forming the link like this

<%= link_to image_tag('icons/folder_delete.png'),
      { :action => 'destroy', :id => folder },
      { :method => :delete, :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" } %>

seems to work. But sometimes I still get the Authenticity Token error.
After a page refresh, everything is back in order. Can this be due to my
redirect?

@Andy:

Thank you for your good reply. It was certainly a dumb mistake on my
part with the link_to helper. I can’t believe I overlooked that.

You sure helped me in the right direction concerning using the name
attribute instead of the id. I have already changed everything back for
using ids and will change them back using names after I tighten the
system.

My second problem with the Authenticity token was due to the fact that
the :secret in my application controller was not commented anymore. And
that gave some unexpected errors. Seems like I don’t understand the
whole Authenticity Token system yet. Can anyone provide me with a site
where I could read up on the subject in more detail?

Thank you in advance for the great help.

It looks like the problem with your first attempt is that you are
using link_to_remote semantics with link_to. link_to_remote accepts
the ‘url’ option, but link_to expects you to provide the url either
as the first parameter (a string, possibly via a path statement) or
using the url_for parts like :controller and :action. That’s what
you’ve done in your latest version. You could format it with named
routes like this:

<%= link_to image_tag('icons/folder_delete.png'),
      folder_path(folder),
      { :method => :delete,
        :title => 'Delete this folder',
        :confirm => "All files and subfolders will be deleted!\nAre you sure?" }
%>

If you want to use the folder name every time you refer to a
folder you can override the to_param method for your Folder class so
that it returns the folder name. By default it returns the record
id. Two caveats:

  1. If you use the name rather than the id make sure you validate for
    uniqueness.
  2. You’ll have to make sure you do some sanitizing for the name (e.g.,
    urls cannot use a space and several other characters).

Could #2 be related to your occasional problem with deleting folders?
That is, does it happen consistently when you delete a folder with a
space in the name?

On May 19, 8:15 am, Michael R.
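
The to_param override and its two caveats from the reply above, as an added example that is not part of the original thread. It is plain Ruby standing in for a Rails model: FolderStore, slug_for and the owner_id scoping (suggested by the "multi user system" in the question) are hypothetical names and assumptions.

```ruby
class Folder
  attr_reader :id, :owner_id, :name

  def initialize(id, owner_id, name)
    @id, @owner_id, @name = id, owner_id, name
  end

  # Caveat 2: URL-safe form of the name. Lowercase it, turn every run of
  # characters outside [a-z0-9] into "-", then trim leading/trailing dashes.
  def self.slug_for(name)
    name.to_s.downcase.gsub(/[^a-z0-9]+/, "-").gsub(/\A-+|-+\z/, "")
  end

  # Rails calls to_param when building folder_path(folder).
  def to_param
    self.class.slug_for(name)
  end
end

# Hypothetical in-memory store in place of ActiveRecord.
class FolderStore
  def initialize
    @folders = []
    @next_id = 1
  end

  # Caveat 1: uniqueness is checked on the slug (what the URL carries),
  # not the raw name, so "My Folder" and "my folder!" cannot coexist.
  def create(owner_id, name)
    slug = Folder.slug_for(name)
    raise ArgumentError, "name has no URL-safe characters" if slug.empty?
    raise ArgumentError, "name already taken" if find(owner_id, slug)
    folder = Folder.new(@next_id, owner_id, name)
    @next_id += 1
    @folders << folder
    folder
  end

  # Lookup is scoped to the owner, so a name in one user's URL never
  # resolves to another user's folder.
  def find(owner_id, param)
    @folders.find { |f| f.owner_id == owner_id && f.to_param == param }
  end

  def destroy(owner_id, param)
    folder = find(owner_id, param)
    return false unless folder
    @folders.delete(folder)
    true
  end
end
```

Checking uniqueness on the raw name alone would let two folders share one URL, and a delete link would then remove whichever record the lookup returns first.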