The usual CRUD controller actions assume that certain parameters were sent. Let's use a controller for books as an example:
BooksController < ApplicationController
def create
@book = Book.new params[:book]
# ..etc..
end
end
So #create assumes that params[:book] exists. This is fine, because if the "book" field wasn't POSTed to #create, then params[:book] will simply be nil, because 'params' is a Hash.
However, if our controller action tries to look at params[:book][:page_ids] when the "book" field wasn't POSTed to #create, we'd get a NoMethodError. This is because params[:book] is nil, which means that params[:book][:page_ids] is equivalent to nil[:page_ids] , which will obviously raise an error.
So the question is, do you bother to write additional checks for your controller actions for these edge cases?
I would, because I like to be thorough and know that I've covered all of my bases. But I can understand why people wouldn't bother, because said edge cases will probably only be generated by yourself during testing, and by hooligans mucking with your forms.
One good way to think about it is: if you did have an extra check,
what would it do? In other words, if create gets executed and
params[:book] is nil, what would you want to happen?
Hi David. I was thinking about what do in this situation, and reckon that any of these is a good approach to take:
1) Send a redirect to an appropriate page and return from the method;
2) Render an appropriate page, and return from the method;
3) Set params[:book] to an empty Hash;
And, as a
follow-up, does your current error-reporting process already do what
you would want to have done in such a case?
I haven't setup error-reporting in the app yet, but it's in my issue tracker as another thing to do before releasing a beta!
One good way to think about it is: if you did have an extra check,
what would it do? In other words, if create gets executed and
params[:book] is nil, what would you want to happen?
Hi David. I was thinking about what do in this situation, and reckon
that any of these is a good approach to take:
1) Send a redirect to an appropriate page and return from the method;
2) Render an appropriate page, and return from the method;
3) Set params[:book] to an empty Hash;
My take on this: say you made a mistake somewhere, for example your
form is submitting a parameter with the wrong name (or the controller
was using the wrong parameter) and that it wasn't caught by your tests
(after all your tests won't be checking that the inputs you use in
your functional test are the same as those that would be produced by a
browser having rendered your form)
I want:
- to know about it yourself (ie. David's follow up)
- it be obvious to the user that something bad happened (I.e don't
lull in them into a false sense of security by giving the impression
the record was created fine whereas you actually just created it off
the back of an empty Hash. You don't need to display the full grungey
error page, a 'something bad happened page' is fine usually
That's a good point you raise, Fred. The third solution that I proposed could cover up some bugs in your app that you'd want to actually see. Also, as you said, there's no need to fake rainbows and unicorns for a user who submits bad data on purpose.
-Nick