handle return paths mroe gracefully from "Back" in Agent show

app/controllers/agents_controller.rb

@@ -235,18 +235,7 @@ class AgentsController < ApplicationController
 
   # Sanitize params[:return] to prevent open redirect attacks, a common security issue.
   def redirect_back(message, options = {})
-    case ret = params[:return] || options[:return]
-    when "show"
-      if @agent && !@agent.destroyed?
-        path = agent_path(@agent)
-      else
-        path = agents_path
-      end
-    when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
-      path = ret
-    end
-
-    if path
+    if path = filtered_agent_return_link(options)
       redirect_to path, notice: message
     else
       super agents_path, notice: message

app/controllers/application_controller.rb

@@ -30,6 +30,20 @@ class ApplicationController < ActionController::Base
     basecamp_auth_check
   end
 
+  def filtered_agent_return_link(options = {})
+    case ret = params[:return].presence || options[:return]
+      when "show"
+        if @agent && !@agent.destroyed?
+          agent_path(@agent)
+        else
+          agents_path
+        end
+      when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
+        ret
+    end
+  end
+  helper_method :filtered_agent_return_link
+
   private
 
   def twitter_oauth_check

app/views/agents/_action_menu.html.erb

@@ -12,7 +12,7 @@
   <% end %>
 
   <li>
-    <%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent) %>
+    <%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent, return: return_to) %>
   </li>
 
   <li class="divider"></li>

app/views/agents/_table.html.erb

@@ -14,7 +14,7 @@
     <% @agents.each do |agent| %>
       <tr>
         <td class='<%= "agent-unavailable" if agent.unavailable? %>'>
-          <%= link_to agent.name, agent_path(agent) %>
+          <%= link_to agent.name, agent_path(agent, return: (defined?(return_to) && return_to) || request.path) %>
           <br/>
           <span class='text-muted'><%= agent.short_type.titleize %></span>
           <% if agent.scenarios.present? %>
@@ -64,7 +64,7 @@
             <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown">
               <span class="glyphicon glyphicon-th-list"></span> Actions <span class="caret"></span>
             </button>
-            <%= render 'agents/action_menu', :agent => agent, :return_to => (defined?(return_to) && return_to) || request.path %>
+            <%= render 'agents/action_menu', agent: agent, return_to: (defined?(return_to) && return_to) || request.path %>
           </div>
         </td>
       </tr>

app/views/agents/show.html.erb

@@ -2,7 +2,7 @@
   <div class='row'>
     <div class='col-md-2'>
         <ul class="nav nav-pills nav-stacked" id="show-tabs">
-          <li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, agents_path %></li>
+          <li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, filtered_agent_return_link || agents_path %></li>
 
           <% if agent_show_view(@agent).present? %>
             <li class='active'><a href="#summary" data-toggle="tab"><span class='glyphicon glyphicon-picture'></span> Summary</a></li>

app/views/scenarios/show.html.erb

@@ -16,7 +16,7 @@
 
       <div class="btn-group">
         <%= link_to icon_tag('glyphicon-chevron-left') + ' Back', scenarios_path, class: "btn btn-default" %>
-        <%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id), class: "btn btn-default" %>
+        <%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id, return: request.path), class: "btn btn-default" %>
         <%= link_to icon_tag('glyphicon-random') + ' View Diagram', scenario_diagram_path(@scenario), class: "btn btn-default" %>
         <%= link_to icon_tag('glyphicon-edit') + ' Edit', edit_scenario_path(@scenario), class: "btn btn-default" %>
         <% if @scenario.source_url.present? %>