Question on routes and default routes

11175 · March 15, 2009, 4:25pm

Say I have a destroy action configured as the following

map.foo '/foos/:id', :controller => 'foos', :action => 'show', :conditions => { :method => :get } map.foo '/foos/:id', :controller => 'foos', :action => 'destroy', :conditions => { :method => :delete }

Get on foos/:id goes to show and delete on foos/:id goes to destroy. Nice and restful so all good so far.

But now say if i have the following default route in my routes.rb

map.connect ':controller/:action/:id'

Now someone can explicitly type in the url http://…/foos/destroy/123 and it will go to my destroy action in controller foos although this action should only be accessed by a POST/DELETE not a GET.

Is there anyway to prevent a get on that action other than checking within the controller itself?

def destroy return home_url unless method.delete? ... end

Thanks!

Brandon_Olivares · March 15, 2009, 8:13pm

Hi,

I'm kind of new to rails, but I'm pretty sure it is suggested that you remove those defaults, and only create routes explicitly.

Thanks, Brandon

Bob_Martens · March 15, 2009, 8:34pm

If you are going to go with a Restful design, why not just you map.resources?

_Wolas · March 16, 2009, 11:19am

It is NOT suggested that the defaults be removed like Brandond says.

It IS suggested that you use map.resources :foos. Which will give you what you want.

if you, however, want to check explicitely for the method of and action you can do things like:

def some_action render(:text => "you shouldnt be trying this") and return unless reques.post? .... .... end