Accessing controller methods in the view

I know that you can do:

<%= controller.whatever %>

the problem I have with that is now a person can do:

Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?

Thanks for your help.

Ben J. wrote:

I know that you can do:

<%= controller.whatever %>

the problem I have with that is now a person can do:

whatever.com/controller/whatever

Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?

    verify :method => :post, :only => [ :destroy, :whatever ],
    :redirect_to => { :action => 'cms', :id => 1}

and then it’s not possible to put it in the url (it will redirect to
cms/1).

helps?

They can still POST to it so it’s not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.

hide_action [ :whatever, … ]

Brian H. wrote:

They can still POST to it so it’s not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.

How does a controller access helper methods? I didn’t think this was
possible.

Ben J. wrote:

Brian H. wrote:

They can still POST to it so it’s not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.

How does a controller access helper methods? I didn’t think this was
possible.

add the line

include module HelperModule

to the controller…

harper wrote:

Ben J. wrote:

Brian H. wrote:

They can still POST to it so it’s not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.

How does a controller access helper methods? I didn’t think this was
possible.

add the line

include module HelperModule

to the controller…

Doesn’t that bring us back to square one? All of the helper methods are
now assecible via the URL right?

Doesn’t that bring us back to square one? All of the helper methods are
now assecible via the URL right?

No, only methods actually defined in the class are available directly
via the URL. Methods from included modules are not.

Hey,

I’ve always used ‘protected’ for this:

class FooController < ApplicationController

def url_accessible_method
end

protected

 def non_url_accessible_method
 end

 def another_non_url_accessible_method
 end

 # make certain protected controller methods available to views
 helper_method :

non_url_accessible_method, :another_non_url_accessible_method
end

However, note that doing:

class FooController

stuff

protected
include HelperModule
end

will not mark the methods in HelperModule as protected. You either
have to do this:

module HelperModule
protected
# your helper methods here
end

or you have to do this:

class FooController
include HelperModule
protected :each, :method, :name, :in, :helper_module
end

HTH,
Trevor

Trevor

The easiest way is to use a helper. Protected and private methods are
also a
good idea, but if you really want to make your code clean, use helpers.

the hide_action works, but again, it’s not very clean.

Methods defined in a helper and included in the controller ARE
accessible
publicly. The way to do it is:

/app/helpers/global_helper.rb
module GlobalHelper

protected

def do_something
“Hello world”
end

end

/app/controllers/global_controller.rb

class GlobalController < ApplicationController

include GlobalHelper

def index
render :text=> do_something
end

end

Keeps everything nice and clean.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs