I know that you can do:
<%= controller.whatever %>
the problem I have with that is now a person can do:
whatever.com/controller/whatever
Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?
Thanks for your help.
Ben J. wrote:
I know that you can do:
<%= controller.whatever %>
the problem I have with that is now a person can do:
whatever.com/controller/whatever
Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?
verify :method => :post, :only => [ :destroy, :whatever ],
:redirect_to => { :action => 'cms', :id => 1}
and then it’s not possible to put it in the url (it will redirect to
cms/1).
helps?
They can still POST to it so it’s not safe.
The answer is to move the code to a helper which can be used from both a
controller and a view.
hide_action [ :whatever, … ]
Brian H. wrote:
They can still POST to it so it’s not safe.
The answer is to move the code to a helper which can be used from both a
controller and a view.
How does a controller access helper methods? I didn’t think this was
possible.
Ben J. wrote:
Brian H. wrote:
They can still POST to it so it’s not safe.
The answer is to move the code to a helper which can be used from both a
controller and a view.
How does a controller access helper methods? I didn’t think this was
possible.
add the line
include HelperModule
to the controller…
harper wrote:
Ben J. wrote:
Brian H. wrote:
They can still POST to it so it’s not safe.
The answer is to move the code to a helper which can be used from both a
controller and a view.
How does a controller access helper methods? I didn’t think this was
possible.
add the line
include HelperModule
to the controller…
Doesn’t that bring us back to square one? All of the helper methods are
now accessible via the URL, right?
Doesn’t that bring us back to square one? All of the helper methods are
now accessible via the URL, right?
No, only methods actually defined in the class are available directly
via the URL. Methods from included modules are not.
Hey,
I’ve always used ‘protected’ for this:
class FooController < ApplicationController
  def url_accessible_method
  end

  protected

  def non_url_accessible_method
  end

  def another_non_url_accessible_method
  end

  # make certain protected controller methods available to views
  helper_method :non_url_accessible_method, :another_non_url_accessible_method
end
However, note that doing:
class FooController
  # stuff
  protected
  include HelperModule
end
will not mark the methods in HelperModule as protected. You either
have to do this:
module HelperModule
  protected
  # your helper methods here
end
or you have to do this:
class FooController
  include HelperModule
  protected :each, :method, :name, :in, :helper_module
end
HTH,
Trevor
The easiest way is to use a helper. Protected and private methods are
also a good idea, but if you really want to make your code clean, use helpers.
The hide_action works, but again, it’s not very clean.
Methods defined in a helper and included in the controller ARE
accessible publicly. The way to do it is:
/app/helpers/global_helper.rb

module GlobalHelper
  protected

  # protected, so it cannot be called as an action
  def do_something
    "Hello world"
  end
end

/app/controllers/global_controller.rb

class GlobalController < ApplicationController
  include GlobalHelper

  def index
    render :text => do_something
  end
end
Keeps everything nice and clean.
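The visibility rules discussed in the posts above can be checked in plain Ruby without Rails. This is an added example, not code from any poster in the thread; the module and class names and the exposed helper are hypothetical, and it assumes that only public instance methods can be dispatched as actions.

```ruby
# Added illustration: plain Ruby, no Rails. All names here are hypothetical.
# Assumption: only *public* instance methods can be dispatched as actions.

module OpenHelper              # helper whose methods are left public
  def format_price
    "9.99"
  end
end

module GuardedHelper           # visibility is set inside the module itself
  protected

  def do_something
    "Hello world"
  end
end

class KeywordBeforeInclude
  def index; end

  protected                    # only affects methods *defined* after this line
  include OpenHelper           # included methods keep their own visibility
end

class ExplicitProtected
  include OpenHelper
  def index; end

  protected :format_price      # re-declares visibility for the named method
end

class UsesGuarded
  include GuardedHelper

  def index
    do_something               # still callable from inside the class
  end
end

# Public instance methods a class exposes beyond what every Object has.
def exposed(klass)
  (klass.public_instance_methods(true) - Object.public_instance_methods).sort
end

[KeywordBeforeInclude, ExplicitProtected, UsesGuarded].each do |k|
  puts "#{k}: #{exposed(k).inspect}"
end
```

Running a check like exposed against a real controller class is a quick way to audit which helper methods ended up public after an include.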