Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #7229 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

[PATCH] Fix bug in RESTful Routes where DELETE/PUT were allowed against collections due to optional id

Reported by: dkubb Assigned to: bitsweat
Priority: normal Milestone: 1.2
Component: ActionPack Version: edge
Severity: normal Keywords: REST routing
Cc: josh

Description

This patch fixes a bug in RESTful Routing which allows DELETE and PUT to be performed on a collection because :id was optional. It makes the id parameter required for show, edit, update, destroy actions for all resources, except singleton resources.

Attachments

put_and_delete_requires_id.diff (13.2 kB) - added by dkubb on 01/20/07 13:53:55.
put_and_delete_requires_id2.diff (20.4 kB) - added by dkubb on 01/26/07 19:47:33.

Change History

01/20/07 13:53:55 changed by dkubb

  • attachment put_and_delete_requires_id.diff added.

(in reply to: ↑ description ) 01/20/07 15:01:20 changed by josh

Nice work.

This will fix the 500 that shows up when you try to DELETE or PUT a collection.

01/26/07 16:49:41 changed by bitsweat

  • cc changed from josh, bitsweat to josh.
  • owner changed from core to bitsweat.

There's a bit of duplication here: many action.to_s calls instead of one in the action_options; repeated identical calls to action_options; and conditions_for being merged in both action_options and the methods which call action_options.

01/26/07 19:47:33 changed by dkubb

  • attachment put_and_delete_requires_id2.diff added.

01/26/07 19:56:16 changed by dkubb

Attached is a new patch. The code bitsweat mentioned has been refactored and duplicate code removed.

Heckle showed a few mutations that weren't being tested for, so I beefed up the test cases too. The code in action_controller/resources.rb shows 100% code coverage with no mutations remaining.

01/28/07 08:20:07 changed by bitsweat

  • status changed from new to closed.
  • resolution set to fixed.

(In [6062]) Resource member routes require :id, eliminating the ambiguous overlap with collection routes. Closes #7229.

(follow-up: ↓ 6 ) 01/28/07 08:29:14 changed by bitsweat

(In [6063]) Merge [6062] from trunk. References #7229.

(in reply to: ↑ 5 ) 02/01/07 10:47:43 changed by jkit

Replying to bitsweat:

(In [6063]) Merge [6062] from trunk. References #7229.

This change-set accentuated a bug exhibited by the test case found in #7422.