Forum: Ruby on Rails Accessing controller methods in the view

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Ben J. (Guest)
on 2007-01-09 20:42
I know that you can do:

<%= controller.whatever %>

the problem I have with that is now a person can do:

whatever.com/controller/whatever

Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?

Thanks for your help.
harper (Guest)
on 2007-01-10 11:56
Ben J. wrote:
> I know that you can do:
>
> <%= controller.whatever %>
>
> the problem I have with that is now a person can do:
>
> whatever.com/controller/whatever
>
> Any idea how to make a method publicly accessible to views in a
> controller without making it accessible via a URL? Can you do this with
> the verify method?


        verify :method => :post, :only => [ :destroy, :whatever ],
        :redirect_to => { :action => 'cms', :id => 1}

and then it's not possible to put it in the url (it will redirect to
cms/1).

helps?
Brian H. (Guest)
on 2007-01-10 17:49
(Received via mailing list)
They can still POST to it so it's not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.
Sheldon H. (Guest)
on 2007-01-10 18:08
(Received via mailing list)
hide_action [ :whatever, ... ]
Ben J. (Guest)
on 2007-01-10 18:08
Brian H. wrote:
> They can still POST to it so it's not safe.
>
> The answer is to move the code to a helper which can be used from both a
> controller and a view.

How does a controller access helper methods? I didn't think this was
possible.
harper (Guest)
on 2007-01-10 19:03
Ben J. wrote:
> Brian H. wrote:
>> They can still POST to it so it's not safe.
>>
>> The answer is to move the code to a helper which can be used from both a
>> controller and a view.
>
> How does a controller access helper methods? I didn't think this was
> possible.

add the line

   include module HelperModule

to the controller...
Ben J. (Guest)
on 2007-01-10 19:12
harper wrote:
> Ben J. wrote:
>> Brian H. wrote:
>>> They can still POST to it so it's not safe.
>>>
>>> The answer is to move the code to a helper which can be used from both a
>>> controller and a view.
>>
>> How does a controller access helper methods? I didn't think this was
>> possible.
>
> add the line
>
>    include module HelperModule
>
> to the controller...

Doesn't that bring us back to square one? All of the helper methods are
now assecible via the URL right?
Trevor S. (Guest)
on 2007-01-10 20:06
(Received via mailing list)
Hey,

I've always used 'protected' for this:

class FooController < ApplicationController

   def url_accessible_method
   end

   protected

     def non_url_accessible_method
     end

     def another_non_url_accessible_method
     end

     # make certain protected controller methods available to views
     helper_method :
non_url_accessible_method, :another_non_url_accessible_method
end

However, note that doing:

class FooController
   # stuff
   protected
     include HelperModule
end

will not mark the methods in HelperModule as protected.  You either
have to do this:

module HelperModule
   protected
     # your helper methods here
end

or you have to do this:

class FooController
   include HelperModule
   protected :each, :method, :name, :in, :helper_module
end

HTH,
Trevor


Trevor
Snowman (Guest)
on 2007-01-10 21:00
> Doesn't that bring us back to square one? All of the helper methods are
> now assecible via the URL right?

No, only methods actually defined in the class are available directly
via the URL. Methods from included modules are not.
Brian H. (Guest)
on 2007-01-19 17:30
(Received via mailing list)
The easiest way is to use a helper. Protected and private methods are
also a
good idea, but if you really want to make your code clean, use helpers.

the hide_action works, but again, it's not very clean.

Methods defined in a helper and included in the controller ARE
accessible
publicly. The way to do it is:


/app/helpers/global_helper.rb
module GlobalHelper

  protected

  def do_something
     "Hello world"
  end

end


/app/controllers/global_controller.rb

class GlobalController < ApplicationController

 include GlobalHelper

 def index
   render :text=> do_something
 end

end


Keeps everything nice and clean.
This topic is locked and can not be replied to.