[catagits/Catalyst-Runtime.git] / lib / Catalyst / ActionRole / HTTPMethods.pm

package Catalyst::ActionRole::HTTPMethods;

use Moose::Role;

requires 'match', 'match_captures';

around ['match','match_captures'], sub {
  my ($orig, $self, $ctx, @args) = @_;
  my $expected = $self->_normalize_expected_http_method($ctx->req);
  return $self->_has_expected_http_method($expected) ?
    $self->$orig($ctx, @args) :
    0;
};

sub _normalize_expected_http_method {
  my ($self, $req) = @_;
  return $req->header('X-HTTP-Method') ||
    $req->header('X-HTTP-Method-Override') ||
    $req->header('X-METHOD-OVERRIDE') ||
    $req->method;
}

sub _has_expected_http_method {
  my ($self, $expected) = @_;
  return 1 unless scalar(my @allowed = $self->allowed_http_methods);
  return scalar(grep { lc($_) eq lc($expected) } @allowed) ?
    1 : 0;
}

sub allowed_http_methods { @{shift->attributes->{Method}||[]} }

1;

=head1 NAME

Catalyst::ActionRole::HTTPMethods - Match on HTTP Methods

=head1 SYNOPSIS

    package MyApp::Web::Controller::MyController;

    use Moose;
    use MooseX::MethodAttributes;

    extends 'Catalyst::Controller';

    sub user_base : Chained('/') CaptureArg(0) { ... }

      sub get_user    : Chained('user_base') Args(1) GET { ... }
      sub post_user   : Chained('user_base') Args(1) POST { ... }
      sub put_user    : Chained('user_base') Args(1) PUT { ... }
      sub delete_user : Chained('user_base') Args(1) DELETE { ... }
      sub head_user   : Chained('user_base') Args(1) HEAD { ... }
      sub option_user : Chained('user_base') Args(1) OPTION { ... }
      sub option_user : Chained('user_base') Args(1) PATCH { ... }


      sub post_and_put : Chained('user_base') POST PUT Args(1) { ... }
      sub method_attr  : Chained('user_base') Method('DELETE') Args(0) { ... }

    __PACKAGE__->meta->make_immutable;

=head1 DESCRIPTION

This is an action role that lets your L<Catalyst::Action> match on standard
HTTP methods, such as GET, POST, etc.

Since most web browsers have limited support for rich HTTP Method vocabularies
we also support setting the expected match method via the follow non standard
but widely used http extensions.  Our support for these should not be taken as
an endorsement of the technique.   Rt is merely a reflection of our desire to
work well with existing systems and common client side tools.

=over 4

=item X-HTTP-Method (Microsoft)

=item X-HTTP-Method-Override (Google/GData)

=item X-METHOD-OVERRIDE (IBM)

=back 

Please note the insanity of overriding a GET request with a DELETE override...
Rational practices suggest that using POST with overrides to emulate PUT and
DELETE can be an acceptable way to deal with client limitations and security
rules on your proxy server. I recommend going no further.

=head1 REQUIRES

This role requires the following methods in the consuming class.

=head2 match

=head2 match_captures

Returns 1 if the action matches the existing request and zero if not.

=head1 METHODS

This role defines the following methods

=head2 match

=head2 match_captures

Around method modifier that return 1 if the request method matches one of the
allowed methods (see L</http_methods>) and zero otherwise.

=head2 allowed_http_methods

An array of strings that are the allowed http methods for matching this action
normalized as noted above (using X-Method* overrides).

=head2 _has_expected_http_method ($expected)

Private method which returns 1 if C<$expected> matches one of the allowed
in L</http_methods> and zero otherwise.

=head1 AUTHORS

Catalyst Contributors, see Catalyst.pm

=head1 COPYRIGHT

This library is free software. You can redistribute it and/or modify it under
the same terms as Perl itself.

=cut
Commit	Line	Data
60034b8c	1	package Catalyst::ActionRole::HTTPMethods;
	2
	3	use Moose::Role;
	4
	5	requires 'match', 'match_captures';
	6
	7	around ['match','match_captures'], sub {
	8	my ($orig, $self, $ctx, @args) = @_;
	9	my $expected = $self->_normalize_expected_http_method($ctx->req);
	10	return $self->_has_expected_http_method($expected) ?
	11	$self->$orig($ctx, @args) :
	12	0;
	13	};
	14
	15	sub _normalize_expected_http_method {
	16	my ($self, $req) = @_;
	17	return $req->header('X-HTTP-Method') \|\|
	18	$req->header('X-HTTP-Method-Override') \|\|
	19	$req->header('X-METHOD-OVERRIDE') \|\|
	20	$req->method;
	21	}
	22
	23	sub _has_expected_http_method {
	24	my ($self, $expected) = @_;
	25	return 1 unless scalar(my @allowed = $self->allowed_http_methods);
	26	return scalar(grep { lc($_) eq lc($expected) } @allowed) ?
	27	1 : 0;
	28	}
	29
	30	sub allowed_http_methods { @{shift->attributes->{Method}\|\|[]} }
	31
	32	1;
	33
	34	=head1 NAME
	35
	36	Catalyst::ActionRole::HTTPMethods - Match on HTTP Methods
	37
	38	=head1 SYNOPSIS
	39
	40	package MyApp::Web::Controller::MyController;
	41
	42	use Moose;
	43	use MooseX::MethodAttributes;
	44
	45	extends 'Catalyst::Controller';
	46
	47	sub user_base : Chained('/') CaptureArg(0) { ... }
	48
	49	sub get_user : Chained('user_base') Args(1) GET { ... }
	50	sub post_user : Chained('user_base') Args(1) POST { ... }
	51	sub put_user : Chained('user_base') Args(1) PUT { ... }
	52	sub delete_user : Chained('user_base') Args(1) DELETE { ... }
	53	sub head_user : Chained('user_base') Args(1) HEAD { ... }
	54	sub option_user : Chained('user_base') Args(1) OPTION { ... }
	55	sub option_user : Chained('user_base') Args(1) PATCH { ... }
	56
	57
	58	sub post_and_put : Chained('user_base') POST PUT Args(1) { ... }
	59	sub method_attr : Chained('user_base') Method('DELETE') Args(0) { ... }
	60
	61	__PACKAGE__->meta->make_immutable;
	62
	63	=head1 DESCRIPTION
	64
65	This is an action role that lets your L<Catalyst::Action> match on standard
66	HTTP methods, such as GET, POST, etc.
67
68	Since most web browsers have limited support for rich HTTP Method vocabularies
69	we also support setting the expected match method via the follow non standard
70	but widely used http extensions. Our support for these should not be taken as
71	an endorsement of the technique. Rt is merely a reflection of our desire to
72	work well with existing systems and common client side tools.
73
74	=over 4
75
76	=item X-HTTP-Method (Microsoft)
77
78	=item X-HTTP-Method-Override (Google/GData)
79
80	=item X-METHOD-OVERRIDE (IBM)
81
82	=back
83
84	Please note the insanity of overriding a GET request with a DELETE override...
85	Rational practices suggest that using POST with overrides to emulate PUT and
86	DELETE can be an acceptable way to deal with client limitations and security
87	rules on your proxy server. I recommend going no further.
88
89	=head1 REQUIRES
90
91	This role requires the following methods in the consuming class.
92
93	=head2 match
94
95	=head2 match_captures
96
97	Returns 1 if the action matches the existing request and zero if not.
98
99	=head1 METHODS
100
101	This role defines the following methods
102
103	=head2 match
104
105	=head2 match_captures
106
107	Around method modifier that return 1 if the request method matches one of the
108	allowed methods (see L</http_methods>) and zero otherwise.
109
110	=head2 allowed_http_methods
111
112	An array of strings that are the allowed http methods for matching this action
113	normalized as noted above (using X-Method* overrides).
114
115	=head2 _has_expected_http_method ($expected)
116
117	Private method which returns 1 if C<$expected> matches one of the allowed
118	in L</http_methods> and zero otherwise.
119
120	=head1 AUTHORS
121
122	Catalyst Contributors, see Catalyst.pm
123
124	=head1 COPYRIGHT
125
126	This library is free software. You can redistribute it and/or modify it under
127	the same terms as Perl itself.
128
129	=cut