Ticket #1763: sessman.diff

test/controller/session_management_test.rb

@@ +1 @@
+require File.dirname(__FILE__) + '/../abstract_unit'
+
+class SessionManagementTest < Test::Unit::TestCase
+  class SessionOffController < ActionController::Base
+    session :off
+
+    def show
+      render_text "done"
+    end
+
+    def tell
+      render_text "done"
+    end
+  end
+
+  class TestController < ActionController::Base
+    session :off, :only => :show
+    session :session_secure => true, :except => :show
+
+    def show
+      render_text "done"
+    end
+
+    def tell
+      render_text "done"
+    end
+  end
+
+  def setup
+    @request, @response = ActionController::TestRequest.new,
+      ActionController::TestResponse.new
+  end
+
+  def test_session_off_globally
+    @controller = SessionOffController.new
+    get :show
+    assert_equal false, @request.session_options
+    get :tell
+    assert_equal false, @request.session_options
+  end
+
+  def test_session_off_conditionally
+    @controller = TestController.new
+    get :show
+    assert_equal false, @request.session_options
+    get :tell
+    assert_instance_of Hash, @request.session_options
+    assert @request.session_options[:session_secure]
+  end
+end

lib/action_controller/session_management.rb

@@ +1 @@
+module ActionController #:nodoc:
+  module SessionManagement #:nodoc:
+    def self.append_features(base)
+      super
+      base.extend(ClassMethods)
+      base.class_eval do
+        alias_method :process_without_session_management_support, :process
+        alias_method :process, :process_with_session_management_support
+      end
+    end
+
+    module ClassMethods
+      # Specify how sessions ought to be managed for a subset of the actions on
+      # the controller. Like filters, you can specify <tt>:only</tt> and
+      # <tt>:except</tt> clauses to restrict the subset, otherwise options
+      # apply to all actions on this controller.
+      #
+      # The session options are inheritable, as well, so if you specify them in
+      # a parent controller, they apply to controllers that extend the parent.
+      #
+      # Usage:
+      #
+      #   # turn off session management for all actions.
+      #   session :off
+      #
+      #   # turn off session management for all actions _except_ foo and bar.
+      #   session :off, :except => %w(foo bar)
+      #
+      #   # turn off session management for only the foo and bar actions.
+      #   session :off, :only => %w(foo bar)
+      #
+      #   # the session will only work over HTTPS, but only for the foo action
+      #   session :only => :foo, :session_secure => true
+      #
+      # All session options described for ActionController::Base.process_cgi
+      # are valid arguments.
+      def session(*args)
+        options = Hash === args.last ? args.pop : {}
+
+        options[:disabled] = true if !args.empty?
+        options[:only] = [*options[:only]].map { |o| o.to_s } if options[:only]
+        options[:except] = [*options[:except]].map { |o| o.to_s } if options[:except]
+        if options[:only] && options[:except]
+          raise ArgumentError, "only one of either :only or :except are allowed"
+        end
+
+        write_inheritable_array("session_options", [options])
+      end
+
+      def session_options_for(action) #:nodoc:
+        options = {}
+
+        action = action.to_s
+        (read_inheritable_attribute("session_options") || []).each do |opts|
+          if opts[:only] && opts[:only].include?(action)
+            options.merge!(opts)
+          elsif opts[:except] && !opts[:except].include?(action)
+            options.merge!(opts)
+          elsif !opts[:only] && !opts[:except]
+            options.merge!(opts)
+          end
+        end
+
+        options.delete :only
+        options.delete :except
+
+        options[:disabled] ? false : options
+      end
+    end
+
+    def process_with_session_management_support(request, response, method = :perform_action, *arguments) #:nodoc:
+      action = request.parameters["action"] || "index"
+      request.session_options = self.class.session_options_for(action)
+      process_without_session_management_support(request, response, method, *arguments)
+    end
+  end
+end

lib/action_controller/test_process.rb

@@ -14 +14 @@
-  end
-
-  class TestRequest < AbstractRequest #:nodoc:
-
+, :session_options
-    attr_accessor :query_parameters, :request_parameters, :path, :session, :env
-    attr_accessor :host
-

lib/action_controller/cgi_process.rb

@@ -37 +37 @@
-  end
-
-  class CgiRequest < AbstractRequest #:nodoc:
-
+, :session_options
-
-    DEFAULT_SESSION_OPTIONS = {
-      :database_manager => CGI::Session::PStore,
@@ -115 +115 @@
-    end
-    
-    def reset_session
-
+ if CGI::Session === @session
-      @session = (@session_options == false ? {} : new_session)
-    end
-

lib/action_controller.rb

@@ -50 +50 @@
-require 'action_controller/verification'
-require 'action_controller/streaming'
-require 'action_controller/auto_complete'
+require 'action_controller/session_management'
-
-require 'action_view'
-ActionController::Base.template_class = ActionView::Base
@@ -71 +72 @@
-  include ActionController::Verification
-  include ActionController::Streaming
-  include ActionController::AutoComplete
+  include ActionController::SessionManagement
-end