handle return paths more gracefully from "Back" in Agent show

Andrew Cantino 2015-09-01 19:57:16 -07:00
parent 617c3c51c6
commit 41f4d6e339
6 changed files with 20 additions and 17 deletions


@ -235,18 +235,7 @@ class AgentsController < ApplicationController
# Sanitize params[:return] to prevent open redirect attacks, a common security issue.
def redirect_back(message, options = {})
case ret = params[:return] || options[:return]
when "show"
if @agent && !@agent.destroyed?
path = agent_path(@agent)
else
path = agents_path
end
when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
path = ret
end
if path
if path = filtered_agent_return_link(options)
redirect_to path, notice: message
else
super agents_path, notice: message
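Review bot: The comment kept above `redirect_back` still says it sanitizes `params[:return]`, but in the new code the allowlist check is done by `filtered_agent_return_link` and this method only consumes the result. Rewording it points the next reader at the right place, e.g. `# Redirect to the allowlisted return path; params[:return] is validated in filtered_agent_return_link and never used directly.` The assignment inside the condition reads like a typo for `==`; writing it as `if (path = filtered_agent_return_link(options))` makes the intent explicit. The body of `redirect_back` continues past the end of the hunk.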


@ -30,6 +30,20 @@ class ApplicationController < ActionController::Base
basecamp_auth_check
end
def filtered_agent_return_link(options = {})
case ret = params[:return].presence || options[:return]
when "show"
if @agent && !@agent.destroyed?
agent_path(@agent)
else
agents_path
end
when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
ret
end
end
helper_method :filtered_agent_return_link
private
def twitter_oauth_check
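Review bot: `filtered_agent_return_link` is added above the `private` keyword, so it becomes a public method on `ApplicationController` and on every controller that inherits from it, and Rails treats public controller methods as candidate actions. `helper_method` works with private methods, so moving the definition below `private` keeps the view helper without widening the controllers' public surface. Views now place the return value straight into an `href`, so the contract deserves a comment, e.g. `# Returns an allowlisted local path for the :return value ("show", agents_path, or scenarios_path plus a numeric id), or nil for anything else.`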


@ -12,7 +12,7 @@
<% end %>
<li>
<%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent) %>
<%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent, return: return_to) %>
</li>
<li class="divider"></li>
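Review bot: `return_to` is read as a bare local on the new `agent_path(agent, return: return_to)` line, while the table partial in this same commit guards it with `(defined?(return_to) && return_to) || request.path`. If this partial is ever rendered without a `return_to` local, the link raises a NameError. The rest of the partial is outside the hunk, so it may already depend on that local. If a missing local should be tolerated, `local_assigns[:return_to]` yields nil instead of raising, and `agent_path` then omits the parameter.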


@ -14,7 +14,7 @@
<% @agents.each do |agent| %>
<tr>
<td class='<%= "agent-unavailable" if agent.unavailable? %>'>
<%= link_to agent.name, agent_path(agent) %>
<%= link_to agent.name, agent_path(agent, return: (defined?(return_to) && return_to) || request.path) %>
<br/>
<span class='text-muted'><%= agent.short_type.titleize %></span>
<% if agent.scenarios.present? %>
@ -64,7 +64,7 @@
<button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown">
<span class="glyphicon glyphicon-th-list"></span> Actions <span class="caret"></span>
</button>
<%= render 'agents/action_menu', :agent => agent, :return_to => (defined?(return_to) && return_to) || request.path %>
<%= render 'agents/action_menu', agent: agent, return_to: (defined?(return_to) && return_to) || request.path %>
</div>
</td>
</tr>
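Review bot: The fallback expression `(defined?(return_to) && return_to) || request.path` now appears twice in this partial, on the `agent_path` link and on the `render 'agents/action_menu'` call. Computing it once before the loop, e.g. `<% return_to = local_assigns[:return_to] || request.path %>`, keeps the two links from drifting apart. The value is only a hint: it is honoured on the receiving side only when `filtered_agent_return_link` accepts it, so a page whose `request.path` is not on that allowlist falls back to `agents_path`.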


@ -2,7 +2,7 @@
<div class='row'>
<div class='col-md-2'>
<ul class="nav nav-pills nav-stacked" id="show-tabs">
<li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, agents_path %></li>
<li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, filtered_agent_return_link || agents_path %></li>
<% if agent_show_view(@agent).present? %>
<li class='active'><a href="#summary" data-toggle="tab"><span class='glyphicon glyphicon-picture'></span> Summary</a></li>
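Review bot: When the show page is requested with `return=show`, `filtered_agent_return_link` returns `agent_path(@agent)`, so the Back link on the new line points at the page it is already on. The "show" branch appears to be intended for `redirect_back` after a change to the agent, not for this link. The view could skip it, for example by falling back to `agents_path` when the filtered link equals `agent_path(@agent)`. The existing `|| agents_path` fallback does cover values the allowlist rejects.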


@ -16,7 +16,7 @@
<div class="btn-group">
<%= link_to icon_tag('glyphicon-chevron-left') + ' Back', scenarios_path, class: "btn btn-default" %>
<%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id), class: "btn btn-default" %>
<%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id, return: request.path), class: "btn btn-default" %>
<%= link_to icon_tag('glyphicon-random') + ' View Diagram', scenario_diagram_path(@scenario), class: "btn btn-default" %>
<%= link_to icon_tag('glyphicon-edit') + ' Edit', edit_scenario_path(@scenario), class: "btn btn-default" %>
<% if @scenario.source_url.present? %>