Class ActionController::Base < Object

Converts the class name from something like “OneModule::TwoModule::NeatController” to “NeatController”.

Converts the class name from something like “OneModule::TwoModule::NeatController” to “neat”.

Converts the class name from something like “OneModule::TwoModule::NeatController” to “one_module/two_module/neat”.

Don’t render layouts for templates with the given extensions.

Replace sensitive paramater data from the request log. Filters paramaters that have any of the arguments as a substring. Looks in all subhashes of the param hash for keys to filter. If a block is given, each key and value of the paramater hash and all subhashes is passed to it, the value or key can be replaced using String#replace or similar method.

Examples:

filter_parameter_logging
=> Does nothing, just slows the logging process down

filter_parameter_logging :password
=> replaces the value to all keys matching %rpassword/ with "[FILTERED]"

filter_parameter_logging :foo, "bar"
=> replaces the value to all keys matching %rfoo|bar/ with "[FILTERED]"

filter_parameter_logging { |k,v| v.reverse! if k =~ %rsecret/ }
=> reverses the value to all keys matching %rsecret/

filter_parameter_logging(:foo, "bar") { |k,v| v.reverse! if k =~ %rsecret/ }
=> reverses the value to all keys matching %rsecret/, and
   replaces the value to all keys matching %rfoo|bar/ with "[FILTERED]"

Return an array containing the names of public methods that have been marked hidden from the action processor. By default, all methods defined in ActionController::Base and included modules are hidden. More methods can be hidden using hide_actions.

Hide each of the given methods from being callable as actions.

Process a request extracted from an CGI object and return a response. Pass false as session_options to disable sessions (large performance increase if sessions are not needed). The session_options are the same as for CGI::Session:

• :database_manager - standard options are CGI::Session::FileStore, CGI::Session::MemoryStore, and CGI::Session::PStore (default). Additionally, there is CGI::Session::DRbStore and CGI::Session::ActiveRecordStore. Read more about these in lib/action_controller/session.

• :session_key - the parameter name used for the session id. Defaults to '_session_id'.

• :session_id - the session id to use. If not provided, then it is retrieved from the session_key cookie, or automatically generated for a new session.

• :new_session - if true, force creation of a new session. If not set, a new session is only created if none currently exists. If false, a new session is never created, and if none currently exists and the session_id option is not set, an ArgumentError is raised.

• :session_expires - the time the current session expires, as a Time object. If not set, the session will continue indefinitely.

• :session_domain - the hostname domain for which this session is valid. If not set, defaults to the hostname of the server.

• :session_secure - if true, this session will only work over HTTPS.

• :session_path - the path for which this session applies. Defaults to the directory of the CGI script.

• :cookie_only - if true (the default), session IDs will only be accepted from cookies and not from the query string or POST parameters. This protects against session fixation attacks.

Process a test request called with a TestRequest object.

Converts the class name from something like “OneModule::TwoModule::NeatController” to “NeatController”.

Converts the class name from something like “OneModule::TwoModule::NeatController” to “neat”.

Converts the class name from something like “OneModule::TwoModule::NeatController” to “one_module/two_module/neat”.

Test whether the session is enabled for this request.

Returns a URL that has been rewritten according to the options hash and the defined Routes. (For doing a complete redirect, use #redirect_to).   url_for is used to:   All keys given to #url_for are forwarded to the Route module, save for the following:

• :anchor -- specifies the anchor name to be appended to the path. For example, url_for :controller => 'posts', :action => 'show', :id => 10, :anchor => 'comments' will produce "/posts/show/10#comments".

• :only_path -- if true, returns the relative URL (omitting the protocol, host name, and port) (false by default)

• :trailing_slash -- if true, adds a trailing slash, as in "/archive/2005/". Note that this is currently not recommended since it breaks caching.

• :host -- overrides the default (current) host if provided

• :protocol -- overrides the default (current) protocol if provided

The URL is generated from the remaining keys in the hash. A URL contains two key parts: the <base> and a query string. Routes composes a query string as the key/value pairs not included in the <base>.

The default Routes setup supports a typical Rails path of “controller/action/id” where action and id are optional, with action defaulting to ‘index’ when not given. Here are some typical #url_for statements and their corresponding URLs:  

url_for :controller => 'posts', :action => 'recent' # => 'proto://host.com/posts/recent'
url_for :controller => 'posts', :action => 'index' # => 'proto://host.com/posts'
url_for :controller => 'posts', :action => 'show', :id => 10 # => 'proto://host.com/posts/show/10'

When generating a new URL, missing values may be filled in from the current request’s parameters. For example, url_for :action => 'some_action' will retain the current controller, as expected. This behavior extends to other parameters, including :controller, :id, and any other parameters that are placed into a Route’s path.   The URL helpers such as url_for have a limited form of memory: when generating a new URL, they can look for missing values in the current request’s parameters. Routes attempts to guess when a value should and should not be taken from the defaults. There are a few simple rules on how this is performed:

• If the controller name begins with a slash, no defaults are used: url_for :controller => '/home'

• If the controller changes, the action will default to index unless provided

The final rule is applied while the URL is being generated and is best illustrated by an example. Let us consider the route given by map.connect 'people/:last/:first/:action', :action => 'bio', :controller => 'people'.

Suppose that the current URL is “people/hh/david/contacts”. Let’s consider a few different cases of URLs which are generated from this page.

• url_for :action => 'bio' -- During the generation of this URL, default values will be used for the first and

last components, and the action shall change. The generated URL will be, “people/hh/david/bio”.

• url_for :first => 'davids-little-brother' This generates the URL 'people/hh/davids-little-brother' -- note that this URL leaves out the assumed action of 'bio'.

However, you might ask why the action from the current request, ‘contacts’, isn’t carried over into the new URL. The answer has to do with the order in which the parameters appear in the generated path. In a nutshell, since the value that appears in the slot for :first is not equal to default value for :first we stop using defaults. On it’s own, this rule can account for much of the typical Rails URL behavior.   Although a convienence, defaults can occasionaly get in your way. In some cases a default persists longer than desired. The default may be cleared by adding :name => nil to url_for‘s options. This is often required when writing form helpers, since the defaults in play may vary greatly depending upon where the helper is used from. The following line will redirect to PostController’s default action, regardless of the page it is displayed on:

url_for :controller => 'posts', :action => nil

If you explicitly want to create a URL that’s almost the same as the current URL, you can do so using the :overwrite_params options. Say for your posts you have different views for showing and printing them. Then, in the show view, you get the URL for the print view like this

url_for :overwrite_params => { :action => 'print' }

This takes the current URL as is and only exchanges the action. In contrast, url_for :action => 'print' would have slashed-off the path components after the changed action.

Overwrite to implement a number of default options that all url_for-based methods will use. The default options should come in the form of a hash, just like the one you would use for #url_for directly. Example:

def default_url_options(options)
  { :project => @project.active? ? @project.url_name : "unknown" }
end

As you can infer from the example, this is mostly useful for situations where you want to centralize dynamic decisions about the urls as they stem from the business domain. Please note that any individual #url_for call can always override the defaults set by this method.

Sets a HTTP 1.1 Cache-Control header. Defaults to issuing a “private” instruction, so that intermediate caches shouldn’t cache the response.

Examples:

expires_in 20.minutes
expires_in 3.hours, :private => false
expires in 3.hours, 'max-stale' => 5.hours, :private => nil, :public => true

This method will overwrite an existing Cache-Control header. See www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for more possibilities.

Sets a HTTP 1.1 Cache-Control header of “no-cache” so no caching should occur by the browser or intermediate caches (like caching proxy servers).

Return a response that has no content (merely headers). The options argument is interpreted to be a hash of header names and values. This allows you to easily return a response that consists only of significant headers:

head :created, :location => person_path(@person)

It can also be used to return exceptional conditions:

return head(:method_not_allowed) unless request.post?
return head(:bad_request) unless valid_request?
render

Redirects the browser to the target specified in options. This parameter can take one of three forms:

• Hash: The URL will be generated by calling #url_for with the options.

• String starting with protocol:// (like http://): Is passed straight through as the target for redirection.

• String not containing a protocol: The current protocol and host is prepended to the string.

• :back: Back to the page that issued the request. Useful for forms that are triggered from multiple places. Short-hand for redirect_to(request.env)

Examples:

redirect_to :action => "show", :id => 5
redirect_to "http://www.rubyonrails.org"
redirect_to "/images/screenshot.jpg"
redirect_to :back

The redirection happens as a “302 Moved” header.

When using redirect_to :back, if there is no referrer, RedirectBackError will be raised. You may specify some fallback behavior for this case by rescueing RedirectBackError.

Renders the content that will be returned to the browser as the response body.

Rendering an action

Action rendering is the most common form and the type used automatically by Action Controller when nothing else is specified. By default, actions are rendered within the current layout (if one exists).

# Renders the template for the action "goal" within the current controller
render :action => "goal"

# Renders the template for the action "short_goal" within the current controller,
# but without the current active layout
render :action => "short_goal", :layout => false

# Renders the template for the action "long_goal" within the current controller,
# but with a custom layout
render :action => "long_goal", :layout => "spectacular"

Deprecation notice: This used to have the signatures render_action("action", status = 200), render_without_layout("controller/action", status = 200), and render_with_layout("controller/action", status = 200, layout).

Rendering partials

Partial rendering in a controller is most commonly used together with Ajax calls that only update one or a few elements on a page without reloading. Rendering of partials from the controller makes it possible to use the same partial template in both the full-page rendering (by calling it from within the template) and when sub-page updates happen (from the controller action responding to Ajax calls). By default, the current layout is not used.

# Renders the same partial with a local variable.
render :partial => "person", :locals => { :name => "david" }

# Renders a collection of the same partial by making each element
# of @winners available through the local variable "person" as it
# builds the complete response.
render :partial => "person", :collection => @winners

# Renders the same collection of partials, but also renders the
# person_divider partial between each person partial.
render :partial => "person", :collection => @winners, :spacer_template => "person_divider"

# Renders a collection of partials located in a view subfolder
# outside of our current controller.  In this example we will be
# rendering app/views/shared/_note.r(html|xml)  Inside the partial
# each element of @new_notes is available as the local var "note".
render :partial => "shared/note", :collection => @new_notes

# Renders the partial with a status code of 500 (internal error).
render :partial => "broken", :status => 500

Note that the partial filename must also be a valid Ruby variable name, so e.g. 2005 and register-user are invalid.

Deprecation notice: This used to have the signatures render_partial(partial_path = default_template_name, object = nil, local_assigns = {}) and render_partial_collection(partial_name, collection, partial_spacer_template = nil, local_assigns = {}).

Rendering a template

Template rendering works just like action rendering except that it takes a path relative to the template root. The current layout is automatically applied.

# Renders the template located in [TEMPLATE_ROOT]/weblog/show.r(html|xml) (in Rails, app/views/weblog/show.rhtml)
render :template => "weblog/show"

Rendering a file

File rendering works just like action rendering except that it takes a filesystem path. By default, the path is assumed to be absolute, and the current layout is not applied.

# Renders the template located at the absolute filesystem path
render :file => "/path/to/some/template.rhtml"
render :file => "c:/path/to/some/template.rhtml"

# Renders a template within the current layout, and with a 404 status code
render :file => "/path/to/some/template.rhtml", :layout => true, :status => 404
render :file => "c:/path/to/some/template.rhtml", :layout => true, :status => 404

# Renders a template relative to the template root and chooses the proper file extension
render :file => "some/template", :use_full_path => true

Deprecation notice: This used to have the signature render_file(path, status = 200)

Rendering text

Rendering of text is usually used for tests or for rendering prepared content, such as a cache. By default, text rendering is not done within the active layout.

# Renders the clear text "hello world" with status code 200
render :text => "hello world!"

# Renders the clear text "Explosion!"  with status code 500
render :text => "Explosion!", :status => 500

# Renders the clear text "Hi there!" within the current active layout (if one exists)
render :text => "Explosion!", :layout => true

# Renders the clear text "Hi there!" within the layout
# placed in "app/views/layouts/special.r(html|xml)"
render :text => "Explosion!", :layout => "special"

The :text option can also accept a Proc object, which can be used to manually control the page generation. This should generally be avoided, as it violates the separation between code and content, and because almost everything that can be done with this method can also be done more cleanly using one of the other rendering methods, most notably templates.

# Renders "Hello from code!"
render :text => proc { |response, output| output.write("Hello from code!") }

Deprecation notice: This used to have the signature render_text("text", status = 200)

Rendering JSON

Rendering JSON sets the content type to text/x-json and optionally wraps the JSON in a callback. It is expected that the response will be eval’d for use as a data structure.

# Renders '{name: "David"}'
render :json => {:name => "David"}.to_json

Sometimes the result isn’t handled directly by a script (such as when the request comes from a SCRIPT tag), so the callback option is provided for these cases.

# Renders 'show({name: "David"})'
render :json => {:name => "David"}.to_json, :callback => 'show'

Rendering an inline template

Rendering of an inline template works as a cross between text and action rendering where the source for the template is supplied inline, like text, but its interpreted with ERb or Builder, like action. By default, ERb is used for rendering and the current layout is not used.

# Renders "hello, hello, hello, again"
render :inline => "<%= 'hello, ' * 3 + 'again' %>"

# Renders "<p>Good seeing you!</p>" using Builder
render :inline => "xml.p { 'Good seeing you!' }", :type => :rxml

# Renders "hello david"
render :inline => "<%= 'hello ' + name %>", :locals => { :name => "david" }

Deprecation notice: This used to have the signature render_template(template, status = 200, type = :rhtml)

Rendering inline JavaScriptGenerator page updates

In addition to rendering JavaScriptGenerator page updates with Ajax in RJS templates (see ActionView::Base for details), you can also pass the :update parameter to render, along with a block, to render page updates inline.

render :update do |page|
  page.replace_html  'user_list', :partial => 'user', :collection => @users
  page.visual_effect :highlight, 'user_list'
end

Rendering nothing

Rendering nothing is often convenient in combination with Ajax calls that perform their effect client-side or when you just want to communicate a status code. Due to a bug in Safari, nothing actually means a single space.

# Renders an empty response with status code 200
render :nothing => true

# Renders an empty response with status code 401 (access denied)
render :nothing => true, :status => 401

Renders according to the same rules as render, but returns the result in a string instead of sending it as the response body to the browser.

Resets the session by clearing out all the objects stored within and initializing a new session object.