From 3bef45277f6cc68368879ef35fad6c32f6cb011e Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Sun, 14 Dec 2008 23:29:40 -0600
Subject: [PATCH] Small Refactoring
Streamline check that non-idempotent actions are submitted via POST.
---
 app/controllers/admin_controller.rb | 41 +++++++++++------------------
 1 file changed, 16 insertions(+), 25 deletions(-)
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 6a8d2b52..2d52d31c 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -25,11 +25,7 @@ class AdminController < ApplicationController
 def create_web
 if params['address']
- unless (request.post? || ENV["RAILS_ENV"] == "test")
- headers['Allow'] = 'POST'
- render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
- return
- end
+ return unless is_post
 # form submitted
 if @wiki.authenticate(params['system_password'])
 begin
@@ -52,11 +48,7 @@ class AdminController < ApplicationController
 def edit_web
 system_password = params['system_password']
 if system_password
- unless (request.post? || ENV["RAILS_ENV"] == "test")
- headers['Allow'] = 'POST'
- render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
- return
- end
+ return unless is_post
 # form submitted
 if wiki.authenticate(system_password)
 begin
@@ -89,11 +81,7 @@ class AdminController < ApplicationController
 end
 def remove_orphaned_pages
- unless (request.post? || ENV["RAILS_ENV"] == "test")
- headers['Allow'] = 'POST'
- render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
- return
- end
+ return unless is_post
 if wiki.authenticate(params['system_password_orphaned'])
 wiki.remove_orphaned_pages(@web_name)
 flash[:info] = 'Orphaned pages removed'
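Review bot: `return unless is_post` in create_web reads like a pure predicate, but the helper it calls writes the 405 response before returning false, so the call site gives no hint that the action has already rendered; the same call is introduced in edit_web, remove_orphaned_pages, remove_orphaned_pages_in_category and delete_web. Ruby convention would spell a plain boolean check `post?` without the `is_` prefix, and because this one also renders, a name that states the effect, e.g. `return unless render_405_unless_post`, or a call-site comment, `# renders 405 with Allow: POST and halts unless the request is a POST`, would make the control flow visible. In create_web and edit_web the check sits inside the `if params['address']` / `if system_password` branch, so a GET without those parameters still falls through to whatever the rest of the method does, which is presumably the form display but lies outside the hunk. Each of these method bodies continues past its hunk.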
@@ -105,11 +93,7 @@ class AdminController < ApplicationController
 end
 def remove_orphaned_pages_in_category
- unless (request.post? || ENV["RAILS_ENV"] == "test")
- headers['Allow'] = 'POST'
- render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
- return
- end
+ return unless is_post
 if wiki.authenticate(params['system_password_orphaned_in_category'])
 category = params['category']
 wiki.remove_orphaned_pages_in_category(@web_name, category)
@@ -122,11 +106,7 @@ class AdminController < ApplicationController
 end
 def delete_web
- unless (request.post? || ENV["RAILS_ENV"] == "test")
- headers['Allow'] = 'POST'
- render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
- return
- end
+ return unless is_post
 if wiki.authenticate(params['system_password_delete_web'])
 @web.remove_pages(@web.select_all)
 wiki.delete_web(@web_name)
@@ -138,4 +118,15 @@ class AdminController < ApplicationController
 end
 end
+private
+
+ def is_post
+ unless (request.post? || ENV["RAILS_ENV"] == "test")
+ headers['Allow'] = 'POST'
+ render(:status => 405, :text => 'You must use an HTTP POST', :layout => 'error')
+ return false
+ end
+ return true
+ end
+
 end
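Review bot: The new `is_post` helper carries the `ENV["RAILS_ENV"] == "test"` escape hatch into one place, which means the POST requirement on every destructive admin action (delete_web, the orphan removals, create_web, edit_web) is now disabled by a single process environment variable rather than by anything the test harness does; it deserves a comment stating why the bypass exists and that a deployed process must never run with that value, e.g. `# functional tests drive these actions with GET; this bypass must never be true outside the test environment`. The method has no doc comment although it is now the only guard for these actions; a one-line note such as `# @return [Boolean] true when the request may proceed; otherwise renders 405 with Allow: POST and returns false` would tell callers that it has already rendered. Stylistically the explicit returns can go: `return true if request.post? || ENV["RAILS_ENV"] == "test"` as a guard clause, then the two response lines, then a bare `false` as the final expression. If the app's Rails version provides it, `Rails.env.test?` would also be the idiomatic spelling of the environment check.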