
Merge pull request #1003 from cantino/agent_editing_returns

Editing an agent returns you to correct scenario or index
Andrew Cantino 9 years ago
parent
commit
1a50eac7d6

+ 1 - 12
app/controllers/agents_controller.rb

@@ -235,18 +235,7 @@ class AgentsController < ApplicationController
 
   # Sanitize params[:return] to prevent open redirect attacks, a common security issue.
   def redirect_back(message, options = {})
-    case ret = params[:return] || options[:return]
-    when "show"
-      if @agent && !@agent.destroyed?
-        path = agent_path(@agent)
-      else
-        path = agents_path
-      end
-    when /\A#{Regexp::escape scenarios_path}\/\d+\z/, agents_path
-      path = ret
-    end
-
-    if path
+    if path = filtered_agent_return_link(options)
       redirect_to path, notice: message
     else
       super agents_path, notice: message
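Review bot: The comment above `redirect_back` still says it sanitizes `params[:return]`, but after this change the allowlist lives in `filtered_agent_return_link` in ApplicationController, so the security rationale is detached from the code that enforces it. I would reword it here to `# Redirects to the allowlisted return target from filtered_agent_return_link, falling back to agents_path.` and move the open-redirect explanation onto the helper. The new condition also assigns inside the `if`; writing it as `if (path = filtered_agent_return_link(options))` makes the assignment visibly intentional. The rest of `redirect_back` continues outside the hunk.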

+ 14 - 0
app/controllers/application_controller.rb

@@ -30,6 +30,20 @@ class ApplicationController < ActionController::Base
     basecamp_auth_check
   end
 
+  def filtered_agent_return_link(options = {})
+    case ret = params[:return].presence || options[:return]
+      when "show"
+        if @agent && !@agent.destroyed?
+          agent_path(@agent)
+        else
+          agents_path
+        end
+      when /\A#{(Regexp::escape scenarios_path)}/, /\A#{(Regexp::escape agents_path)}/, /\A#{(Regexp::escape events_path)}/
+        ret
+    end
+  end
+  helper_method :filtered_agent_return_link
+
   private
 
   def twitter_oauth_check
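Review bot: The three patterns in `filtered_agent_return_link` are anchored only at the start, so any string that merely begins with `scenarios_path`, `agents_path` or `events_path` is accepted, where the removed code required `\d+\z` or an exact match. The result presumably stays on the same host because each prefix starts with a single `/`, but the allowlist is now much wider than the "sanitize" comment on `redirect_back` implies. Requiring a path or query boundary after the prefix keeps the `request.fullpath` callers working: `when %r{\A(?:#{Regexp.escape scenarios_path}|#{Regexp.escape agents_path}|#{Regexp.escape events_path})(?:[/?]|\z)}`. The method also sits above `private`, so it is a public controller method; moving it below `private` (where `helper_method` still works) and giving it a comment stating that it returns only allowlisted local paths or nil would be safer.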

+ 7 - 7
app/views/agents/_action_menu.html.erb

@@ -1,7 +1,7 @@
 <ul class="dropdown-menu" role="menu">
   <% if agent.can_be_scheduled? %>
     <li>
-      <%= link_to icon_tag('glyphicon-refresh', class: 'color-success') + ' Run', run_agent_path(agent, return: returnTo), method: :post, tabindex: "-1" %>
+      <%= link_to icon_tag('glyphicon-refresh', class: 'color-success') + ' Run', run_agent_path(agent, return: return_to), method: :post, tabindex: "-1" %>
     </li>
   <% end %>
 
@@ -12,13 +12,13 @@
   <% end %>
 
   <li>
-    <%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent) %>
+    <%= link_to icon_tag('glyphicon-eye-open') + ' Show'.html_safe, agent_path(agent, return: return_to) %>
   </li>
 
   <li class="divider"></li>
 
   <li>
-    <%= link_to icon_tag('glyphicon-pencil') + ' Edit agent'.html_safe, edit_agent_path(agent) %>
+    <%= link_to icon_tag('glyphicon-pencil') + ' Edit agent'.html_safe, edit_agent_path(agent, return: return_to) %>
   </li>
 
   <li>
@@ -40,7 +40,7 @@
 
     <% agent.scenarios.each do |scenario| %>
       <li>
-        <%= link_to icon_tag('glyphicon-remove-circle', class: 'color-warning') + " Remove from #{scenario_label(scenario)}".html_safe, leave_scenario_agent_path(agent, scenario_id: scenario.to_param, return: returnTo), method: :put, tabindex: "-1" %>
+        <%= link_to icon_tag('glyphicon-remove-circle', class: 'color-warning') + " Remove from #{scenario_label(scenario)}".html_safe, leave_scenario_agent_path(agent, scenario_id: scenario.to_param, return: return_to), method: :put, tabindex: "-1" %>
       </li>
     <% end %>
   <% end %>
@@ -49,12 +49,12 @@
 
   <% if agent.can_create_events? && agent.events.count > 0 %>
     <li>
-      <%= link_to icon_tag('glyphicon-trash', class: 'color-danger') + ' Delete all events', remove_events_agent_path(agent, return: returnTo), method: :delete, data: {confirm: 'Are you sure you want to delete ALL emitted events for this Agent?'}, tabindex: "-1" %>
+      <%= link_to icon_tag('glyphicon-trash', class: 'color-danger') + ' Delete all events', remove_events_agent_path(agent, return: return_to), method: :delete, data: {confirm: 'Are you sure you want to delete ALL emitted events for this Agent?'}, tabindex: "-1" %>
     </li>
   <% end %>
 
   <li>
-    <%= link_to icon_tag('glyphicon-remove', class: 'color-danger') + ' Delete agent', agent_path(agent, return: returnTo), method: :delete, data: { confirm: 'Are you sure that you want to permanently delete this Agent?' }, tabindex: "-1" %>
+    <%= link_to icon_tag('glyphicon-remove', class: 'color-danger') + ' Delete agent', agent_path(agent, return: return_to), method: :delete, data: { confirm: 'Are you sure that you want to permanently delete this Agent?' }, tabindex: "-1" %>
   </li>
 </ul>
 
@@ -69,7 +69,7 @@
         <p><% if agent.disabled? %>Enable<% else %>Disable<% end %> &quot;<%= agent.name %>&quot;?</p>
       </div>
       <div class="modal-footer">
-        <%= form_for(agent, as: :agent, url: agent_path(agent, return: returnTo), method: 'PUT') do |f| %>
+        <%= form_for(agent, as: :agent, url: agent_path(agent, return: return_to), method: 'PUT') do |f| %>
           <% if agent.disabled && agent.can_receive_events? %>
             <div class="form-group">
               <%= f.check_box :drop_pending_events %>

+ 2 - 0
app/views/agents/_form.html.erb

@@ -15,6 +15,8 @@
              method: @agent.new_record? ? "POST" : "PUT",
              html: { class: 'agent-form' }) do |f| %>
 
+  <%= hidden_field_tag :return, params[:return] %>
+
   <div class="row">
     <div class="col-md-6">
       <div class="row">
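Review bot: `hidden_field_tag :return, params[:return]` round-trips the raw request parameter, so the form is safe only because `redirect_back` re-filters the value on submit, and nothing in this hunk records that dependency. The tag helper escapes the attribute value, so rendering is fine. A short comment would stop a later change from redirecting on the posted value directly: `<%# :return is untrusted; it is only honoured after filtered_agent_return_link checks it in redirect_back %>`.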

+ 2 - 2
app/views/agents/_table.html.erb

@@ -14,7 +14,7 @@
     <% @agents.each do |agent| %>
       <tr>
         <td class='<%= "agent-unavailable" if agent.unavailable? %>'>
-          <%= link_to agent.name, agent_path(agent) %>
+          <%= link_to agent.name, agent_path(agent, return: (defined?(return_to) && return_to) || request.path) %>
           <br/>
           <span class='text-muted'><%= agent.short_type.titleize %></span>
           <% if agent.scenarios.present? %>
@@ -64,7 +64,7 @@
             <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown">
               <span class="glyphicon glyphicon-th-list"></span> Actions <span class="caret"></span>
             </button>
-            <%= render 'agents/action_menu', :agent => agent, :returnTo => (defined?(returnTo) && returnTo) || "index" %>
+            <%= render 'agents/action_menu', agent: agent, return_to: (defined?(return_to) && return_to) || request.path %>
           </div>
         </td>
       </tr>
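Review bot: `(defined?(return_to) && return_to) || request.path` is now written twice in this partial, once for the agent name link and once for the `agents/action_menu` render, so the two can drift apart. `local_assigns` is the usual way to read an optional partial local and avoids the `defined?` guard: `return_to: local_assigns[:return_to] || request.path`. Computing the value once near the top of the partial and using it in both places would keep the link and the menu on the same return target.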

+ 2 - 2
app/views/agents/show.html.erb

@@ -2,7 +2,7 @@
   <div class='row'>
     <div class='col-md-2'>
         <ul class="nav nav-pills nav-stacked" id="show-tabs">
-          <li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, agents_path %></li>
+          <li><%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, filtered_agent_return_link || agents_path %></li>
 
           <% if agent_show_view(@agent).present? %>
             <li class='active'><a href="#summary" data-toggle="tab"><span class='glyphicon glyphicon-picture'></span> Summary</a></li>
@@ -22,7 +22,7 @@
 
           <li class="dropdown">
             <a class="dropdown-toggle" data-toggle="dropdown" href="#"><span class="glyphicon glyphicon-th-list"></span> Actions <span class="caret"></span></a>
-            <%= render 'agents/action_menu', :agent => @agent, :returnTo => "show" %>
+            <%= render 'agents/action_menu', :agent => @agent, :return_to => "show" %>
           </li>
         </ul>
       </div>
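Review bot: The Back link in the first hunk can point at the page it is already on. This view renders the action menu with `:return_to => "show"`, `_action_menu` now adds `return: return_to` to its Show link, and `filtered_agent_return_link` maps `"show"` to `agent_path(@agent)`. Following that Show link from the agent page therefore yields a Back link to the same agent rather than to the index or scenario. Skipping the `"show"` case for this link avoids the loop: `(filtered_agent_return_link unless params[:return] == "show") || agents_path`.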

+ 2 - 2
app/views/events/index.html.erb

@@ -19,7 +19,7 @@
         <% @events.each do |event| %>
           <% next unless event.agent %>
           <%= content_tag :tr, class: (highlighted?(event.id) ? 'hl' : nil) do %>
-            <td><%= link_to event.agent.name, agent_path(event.agent) %></td>
+            <td><%= link_to event.agent.name, agent_path(event.agent, return: request.fullpath) %></td>
             <td title='<%= event.created_at %>'><%= time_ago_in_words event.created_at %> ago</td>
             <td class='payload'><%= truncate event.payload.to_json, :length => 90, :omission => "" %></td>
             <td>
@@ -40,7 +40,7 @@
 
       <% if @agent %>
         <div class="btn-group">
-          <%= link_to icon_tag('glyphicon-chevron-left') + ' Back'.html_safe, agents_path, class: "btn btn-default" %>
+          <%= link_to icon_tag('glyphicon-eye-open') + ' View Agent'.html_safe, agent_path(@agent, return: request.fullpath), class: "btn btn-default" %>
           <%= link_to icon_tag('glyphicon-random') + ' See all events'.html_safe, events_path, class: "btn btn-default" %>
         </div>
       <% end %>

+ 2 - 2
app/views/scenarios/show.html.erb

@@ -10,13 +10,13 @@
         <blockquote><%= markdown(@scenario.description) %></blockquote>
       <% end %>
 
-      <%= render 'agents/table', :returnTo => scenario_path(@scenario) %>
+      <%= render 'agents/table', :return_to => scenario_path(@scenario) %>
 
       <br/>
 
       <div class="btn-group">
         <%= link_to icon_tag('glyphicon-chevron-left') + ' Back', scenarios_path, class: "btn btn-default" %>
-        <%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id), class: "btn btn-default" %>
+        <%= link_to icon_tag('glyphicon-plus') + ' New Agent', new_agent_path(scenario_id: @scenario.id, return: request.path), class: "btn btn-default" %>
         <%= link_to icon_tag('glyphicon-random') + ' View Diagram', scenario_diagram_path(@scenario), class: "btn btn-default" %>
         <%= link_to icon_tag('glyphicon-edit') + ' Edit', edit_scenario_path(@scenario), class: "btn btn-default" %>
         <% if @scenario.source_url.present? %>