Small Refactoring

Streamline check that non-idempotent actions are submitted via POST.
2008-12-14 23:29:40 -06:00 · 2008-12-14 23:29:40 -06:00 · 3bef45277f
parent 5d7d89d193
commit 3bef45277f
1 changed files with 16 additions and 25 deletions
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@ -25,11 +25,7 @@ class AdminController < ApplicationController

  def create_web
    if params['address']
-      unless (request.post? || ENV["RAILS_ENV"] == "test")
-        headers['Allow'] = 'POST'
-        render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
-        return
-      end
+      return unless is_post
      # form submitted
      if @wiki.authenticate(params['system_password'])
        begin
@ -52,11 +48,7 @@ class AdminController < ApplicationController
  def edit_web
    system_password = params['system_password']
    if system_password
-      unless (request.post? || ENV["RAILS_ENV"] == "test")
-        headers['Allow'] = 'POST'
-        render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
-        return
-      end
+      return unless is_post
      # form submitted
      if wiki.authenticate(system_password)
        begin
@ -89,11 +81,7 @@ class AdminController < ApplicationController
  end

  def remove_orphaned_pages
-    unless (request.post? || ENV["RAILS_ENV"] == "test")
-      headers['Allow'] = 'POST'
-      render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
-      return
-    end
+    return unless is_post
    if wiki.authenticate(params['system_password_orphaned'])
      wiki.remove_orphaned_pages(@web_name)
      flash[:info] = 'Orphaned pages removed'
@ -105,11 +93,7 @@ class AdminController < ApplicationController
  end
  
  def remove_orphaned_pages_in_category
-    unless (request.post? || ENV["RAILS_ENV"] == "test")
-      headers['Allow'] = 'POST'
-      render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
-      return
-    end
+    return unless is_post
    if wiki.authenticate(params['system_password_orphaned_in_category'])
      category = params['category']
      wiki.remove_orphaned_pages_in_category(@web_name, category)
@ -122,11 +106,7 @@ class AdminController < ApplicationController
  end

  def delete_web
-    unless (request.post? || ENV["RAILS_ENV"] == "test")
-      headers['Allow'] = 'POST'
-      render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
-      return
-    end
+    return unless is_post
    if wiki.authenticate(params['system_password_delete_web'])
      @web.remove_pages(@web.select_all)
      wiki.delete_web(@web_name)
@ -138,4 +118,15 @@ class AdminController < ApplicationController
    end  
  end

+private
+
+  def is_post
+    unless (request.post? || ENV["RAILS_ENV"] == "test")
+      headers['Allow'] = 'POST'
+      render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
+      return false
+    end
+    return true
+  end
+
 end