Class: ApplicationController
In: app/controllers/application_controller.rb
Parent: ActionController::Base
Filters added to this controller apply to all controllers in the application. Likewise, all the methods added will be available for all controllers.
Create a new object following submission of a ‘create’ view form. Restricted users can't do this. Pass the model name as a string.

    # File app/controllers/application_controller.rb, line 82
    def appctrl_create( model )
      return appctrl_not_permitted() if ( @current_user.restricted? )

      @record = model.constantize.new( params[ model.downcase ] )

      if ( @record.save )
        flash[ :notice ] = "New #{ model.downcase } added"
        redirect_to( send( "#{ model.downcase.pluralize }_path" ) )
      else
        render( :action => 'new' )
      end
    end
Prepare to delete an object. Only administrators can do this. Pass the model name as a string.
If successful, sets "@record" and renders the view.

    # File app/controllers/application_controller.rb, line 126
    def appctrl_delete( model )
      return appctrl_not_permitted() unless ( @current_user.admin? )
      @record = model.constantize.find( params[ :id ] )
    end
Destroy an object following confirmation that this is desired. Only administrators can do this. Pass the model name as a string.

    # File app/controllers/application_controller.rb, line 134
    def appctrl_delete_confirm( model )
      return appctrl_not_permitted() unless ( @current_user.admin? )

      begin
        model.constantize.destroy( params[ :id ] )

        flash[ :notice ] = "#{ model } deleted"
        redirect_to( send( "#{ model.downcase.pluralize }_path" ) )

      rescue => error
        flash[ :error ] = "Could not destroy #{ model.downcase }: #{ error }"
        redirect_to( home_path() )

      end
    end
Prepare to edit an object. Restricted users can't do this. Pass a model name as a string.
If successful, sets "@record" and renders the view.

    # File app/controllers/application_controller.rb, line 100
    def appctrl_edit( model )
      return appctrl_not_permitted() if ( @current_user.restricted? )
      @record = model.constantize.find( params[ :id ] )
    end
Take out some common code for index views. Deals with the pagination and sorting parameters. Returns a hash suitable for passing on to the paginator. Requires @columns to already be set up; see the index helper methods in application_helper.rb for details, or look at the index method in the User controller as an example. Note that parameter "value_method" is required in the columns data even if a helper method has been given, for sorting purposes.

    # File app/controllers/application_controller.rb, line 158
    def appctrl_index_assist( model )
      default_direction = model::DEFAULT_SORT_DIRECTION.downcase
      default_entries = 10
      default_page = 1

      params[ :sort ] = "#{ -1 }" if ( params[ :sort ].nil? )
      params[ :page ] = "#{ default_page }" if ( params[ :page ].nil? )
      params[ :entries ] = "#{ default_entries }" if ( params[ :entries ].nil? )
      params[ :direction ] = "#{ default_direction }" if ( params[ :direction ].nil? )

      sort = params[ :sort ].to_i
      page = params[ :page ].to_i
      entries = params[ :entries ].to_i
      entries = default_entries if ( entries <= 0 or entries > 500 )

      if ( 0...@columns.length ).include?( sort )

        # Valid sort order requested. The range excludes @columns.length so
        # that an out-of-range index falls through to the default order
        # instead of dereferencing a nil column.

        unless ( @columns[ sort ][ :sort_by ].nil? )
          order = @columns[ sort ][ :sort_by ].dup
        else
          order = @columns[ sort ][ :value_method ].to_s.dup
        end

      else

        # Default sort order - try to match DEFAULT_SORT_COLUMN against one of
        # the numbered columns.

        order = model::DEFAULT_SORT_COLUMN.dup

        @columns.each_index do | index |
          column = @columns[ index ]

          if ( column[ :value_method ].to_s == order or column[ :sort_by ].to_s == order )
            params[ :sort ] = index.to_s
            break
          end
        end
      end

      # Only the literal 'desc' selects descending order; any other value of
      # the direction parameter sorts ascending.

      if ( params[ :direction ] == 'desc' )
        order << ' DESC'
      else
        order << ' ASC'
      end

      return { :page => page, :per_page => entries, :order => order }
    end
Prepare to create a new object. Restricted users can't do this. Pass a model name as a string.
If successful, sets "@record" and renders the view.

    # File app/controllers/application_controller.rb, line 72
    def appctrl_new( model )
      return appctrl_not_permitted() if ( @current_user.restricted? )

      @record = model.constantize.new
      @record.assign_defaults( @current_user )
    end
If a Controller determines that an action is not permitted, it should call here. Redirects to Home with a permissions message.

    # File app/controllers/application_controller.rb, line 48
    def appctrl_not_permitted
      # Responds with a plain text body and HTTP status 403.
      render( { :text => 'Action not permitted', :status => 403 } )
    end
YUI tree form submission will present selected task IDs as a single string in a comma separated list; the non-JS code does it properly as an array of IDs. Sort this out by patching the params hash. Pass the item to patch (e.g. ":user", ":control_panel"). An optional second parameter lets you override the use of ":task_ids" for the second dimension "params" array reference.
[TODO]: Do this in the JS instead? Requires multiple hidden INPUTs to be dynamically created, one for each array entry; slow, complex

    # File app/controllers/application_controller.rb, line 219
    def appctrl_patch_params_from_js( sym, name = :task_ids )
      task_ids = (params[ sym ] || {} )[ name ] || []

      if ( task_ids.length == 1 && task_ids[ 0 ].is_a?( String ) )
        params[ sym ][ name ] = task_ids[ 0 ].split( ',' )
      end
    end
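
The normalisation described above, extended to validate each ID after splitting, as an added example that is not part of the application's own code. `normalize_task_ids` and `ID_PATTERN` are hypothetical names and the parameter hashes are constructed; the helper accepts both submission shapes and keeps only positive integer IDs.

```ruby
# Added example: normalise and validate task IDs from either form variant.
# normalize_task_ids and ID_PATTERN are hypothetical; sample hashes are constructed.

ID_PATTERN = /\A[1-9]\d{0,9}\z/ # positive integer, at most 10 digits

def normalize_task_ids( params, sym, name = :task_ids )
  raw = ( params[ sym ] || {} )[ name ]

  # Flatten both shapes into one list of candidate strings:
  #   JS tree form:  [ "1,2,3" ]      non-JS form:  [ "1", "2", "3" ]
  candidates = Array( raw ).flat_map { | entry | entry.to_s.split( ',' ) }

  accepted = []
  rejected = []

  candidates.each do | candidate |
    value = candidate.strip

    if ( value.match?( ID_PATTERN ) )
      accepted << value.to_i
    else
      rejected << candidate # Kept so the caller can log or refuse the request
    end
  end

  return { :ids => accepted.uniq, :rejected => rejected }
end

# Constructed submissions: JS tree form, non-JS form, and a malformed list.
JS_FORM    = { :user => { :task_ids => [ '3,7,12' ] } }
PLAIN_FORM = { :user => { :task_ids => [ '3', '7', '12' ] } }
ODD_FORM   = { :user => { :task_ids => [ '3, 7,,x,-1,7' ] } }
```

Both well-formed submissions yield the same integer list, while the malformed one yields only the IDs that parse and reports the rest under `:rejected`.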
Common code for a ‘show’ back-end. Pass a model name as a string. Invokes ‘is_permitted_for?’ on the instance to check for authority to proceed.
If successful, sets "@record" and renders the view.

    # File app/controllers/application_controller.rb, line 62
    def appctrl_show( model )
      @record = model.constantize.find( params[ :id ] )
      return appctrl_not_permitted() unless ( @record.is_permitted_for?( @current_user ) )
    end
Update an object following submission of an ‘edit’ view form. Restricted users can't do this. Pass the model name as a string.

    # File app/controllers/application_controller.rb, line 108
    def appctrl_update( model )
      return appctrl_not_permitted() if ( @current_user.restricted? )

      @record = model.constantize.find( params[ :id ] )

      if ( @record.update_attributes( params[ model.downcase ] ) )
        flash[ :notice ] = "#{ model } details updated"
        redirect_to( send( "#{ model.downcase.pluralize }_path" ) )
      else
        render( :action => 'edit' )
      end
    end
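
`appctrl_create` and `appctrl_update` both hand `params[ model.downcase ]` to the model unfiltered, so the model alone decides which attributes a form can set. A controller-side attribute allowlist is one way to narrow that, shown here as an added example that is not the application's own code; `ASSIGNABLE`, `filter_attributes` and every field name are hypothetical, and the request hash is constructed.

```ruby
# Added example: filter submitted attributes before they reach the model.
# ASSIGNABLE, filter_attributes and all field names are hypothetical.

ASSIGNABLE = {
  'user' => %w[ name email ],
  'task' => %w[ title code duration ]
}.freeze

def filter_attributes( model, params )
  key = model.downcase

  # Refuse models with no allowlist rather than passing everything through.
  allowed = ASSIGNABLE.fetch( key ) { raise ArgumentError, "No attribute allowlist for #{ model }" }

  submitted = params[ key ]
  submitted = {} unless submitted.is_a?( Hash )

  accepted = {}
  rejected = []

  submitted.each do | attribute, value |
    name = attribute.to_s

    if allowed.include?( name )
      accepted[ name ] = value
    else
      rejected << name # Keys outside the allowlist; useful to log
    end
  end

  return accepted, rejected
end

# Constructed request: a 'user' form submission carrying an extra field.
SAMPLE_PARAMS = {
  'user' => { 'name' => 'Alice', 'email' => 'alice@example.com', 'user_type' => 'admin' }
}
```

The first return value is what would be passed to `new` or `update_attributes`; the second lists the submitted keys that were dropped.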
Required by acts_as_audited; returns current user, setting the @current_user variable in passing if it is presently unset.

    # File app/controllers/application_controller.rb, line 40
    def current_user
      appctrl_set_user()
      return @current_user
    end