[uf-rest] RESTifying RAILs
Dan Kubb
dan.kubb at autopilotmarketing.com
Sat Nov 5 17:44:29 PST 2005
Hi David,
> Stuff like person_POST seriously hurts my aesthetics. I might be
> persuaded to something like:
>
> class PersonController < ActiveController::Base
> use_rest_routing
>
> def post
> Person.find(params[:id]).update_attributes(params[:person])
> redirect_to :whatever
> end
>
> def get
> @person = Person.find(params[:id])
> end
> end
>
> But to be honest, I don't know how helpful that would be. Casing on
> request.method seem more generally applicable, flexible, and less
> intrusive.
While there's nothing wrong with the case statement
example you provided, I think there is one nice advantage
to routing to explicitly named methods: through
introspection you can figure out what HTTP methods a
controller can handle.
This can cut out the code you need to write to handle
OPTIONS handlers, since it will be pretty much the same
for most controllers: Set the Allow headers to a comma
separated list of supported methods, and return a
2xx status code.
An options() method could be in the base class, and all
RESTified controllers would automatically support the
OPTIONS HTTP method with no extra work on the part of
the developer.
Another way it would help is for responding to non-handled
HTTP methods. If a request comes in for a known, but non-handled
method a "405 Method Not Allowed" could be returned. For
completely unknown HTTP methods a "501 Not Implemented" can
be returned. While both of these checks can be done within a
case statement, there would be less duplication if we check
these things in the routing stage.
Also imagine you want ALL users to be able to perform GET, HEAD
and OPTIONS; but admin users are allowed to also do POST, PUT
and DELETE. It will be relatively easy to add access control
if the request flows through a central routing mechanism... you'd
be able to do neat things like:
class PersonController < ActiveController::Base
limit_method :post, :put, :delete, :role => :admin_user
# ...
end
Retrofitting access control like this into case-statement based
code would likely be messier and result in more duplicate code.
--
Thanks,
Dan
__________________________________________________________________
Dan Kubb Email: dan.kubb at autopilotmarketing.com
Autopilot Marketing Inc. Phone: 1 (604) 820-0212
Web: http://www.autopilotmarketing.com
__________________________________________________________________
More information about the microformats-rest
mailing list