I am a relative beginner at Rails 3 routing and it has now caused me enough pain that I want to figure out the real solution.

A couple of details:

  • I have some semi-restful controllers that contain some methods outside the standard seven new, create, edit, update, destroy, etc.

  • Generally, I want my routes page to map everything to 'controller/action', but perhaps with the rare exception.

  • I am under the impression that having a general mapping like match ':controller/:action' is not recommended for security reasons, even though I prefer to use session data rather than params which are more easily modified.

What's the best way to go about structuring my routes document in an efficient way?

A: 

You just need to define all your routes, and only what you really need. Use resources to generate some automatic routes for you, with the :only or :except option to avoid useless routes.

The fewer routes you have in your route.rb, the better. So define only what you want and no more.

shingara
+1  A: 

You can use this match in routes.rb:

  match ':controller(/:action(/:id(.:format)))'

or some variant of it, like get instead of match, etc.

As routes are resolved from top to bottom, you can use your exceptions (and standard resource routes) above the generic route rule.

As for the security concerns: if you have this generic rule in your routing table, then you should protect all non-action methods in the controller with the private keyword.

There is another problem with the generic rule. Compare this rule:

get "foo/show/:id", :to => "foo#show"

with the generic one. The good thing about this explicit rule is that it's never called for /foo/show (without the id part), so you will not be in a situation where there is no params[:id] in your action method.

And one last comment on your question: using the session for keeping navigation state is not generally a good thing. It depends on your configuration, but sessions can be shared between two browser tabs, and then the navigation can get pretty messy. And don't forget the dreadful Back button.

So my opinion is that you really should not use the generic route.

pawien
This is excellent Pawien, thank you. Interesting point on the sessions.
sscirrus
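
An added example, not part of the original answers: a simplified plain-Ruby model (not Rails itself) of the two points made about the generic rule, namely that every public controller method becomes reachable and that an action can be hit without an id. The controller classes, `routable_actions`, `wildcard_dispatch` and `explicit_dispatch` are hypothetical names constructed for this sketch.

```ruby
# Simplified model (not Rails itself) of how a ':controller/:action' wildcard
# route picks an action: any public instance method of the controller qualifies.

# Constructed controller with a helper accidentally left public.
class LooseReportsController
  def show(params)
    "report #{params[:id]}"
  end

  def purge_cache(params) # meant as an internal helper
    "cache purged"
  end
end

# Same controller with the helper moved under `private`.
class StrictReportsController
  def show(params)
    "report #{params[:id]}"
  end

  private
  def purge_cache(params)
    "cache purged"
  end
end

# Methods a wildcard route could reach: public methods defined on the class.
def routable_actions(klass)
  klass.public_instance_methods(false).map(&:to_s).sort
end

# Dispatch "/controller/action/id" the way the generic rule would.
def wildcard_dispatch(path, controllers)
  name, action, id = path.sub(%r{\A/}, "").split("/")
  klass = controllers[name]
  return :not_found unless klass && routable_actions(klass).include?(action)
  klass.new.public_send(action, { :id => id })
end

# Explicit table in the spirit of get "foo/show/:id": the id is mandatory.
EXPLICIT = { %r{\A/reports/show/([^/]+)\z} => [StrictReportsController, "show"] }

def explicit_dispatch(path)
  EXPLICIT.each do |pattern, (klass, action)|
    m = pattern.match(path)
    return klass.new.public_send(action, { :id => m[1] }) if m
  end
  :not_found
end
```

Running `routable_actions` over each controller gives a quick audit of what a generic rule would expose before deciding which explicit routes to declare.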