Getting into the later chapters of the Agile book depot app (and getting
more confused as it goes along!). Boy, for a while I thought I was really
getting it; now I’m not so sure.
Anyway, Chapter 11, talking about limiting access to admins. They have
you create a filter (something I am fuzzy on understanding) that calls
an authorize method. This method is placed inside the application
controller, I think so all the other controllers can access it.
Now, here’s the part that really has me confused. He states “we need to
restrict access to this method (the authorize filter) because the
methods in application.rb appear as instance methods in all our
controllers. Any public methods here are exposed to end users as
So he marks the filter as private.
Ok - then in the next line we go and add this authorize filter in the
admin_controller.rb. But - how does it even see this method in the
application.rb if it is a private method? He just stated he put private
so instance methods would not be visible in the controllers.
I believe I am mixing up some terminology here - possibly instance
method vs. action? I’m really confused here though, so any tips are
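
The visibility rule the post asks about, modeled in plain Ruby as an added example (not part of the original post or the book's code): a private method is still inherited and callable from inside the object, so a filter can run it, while only public methods count as actions. `Base`, `dispatch`, `leaky_helper` and this `before_filter` are simplified stand-ins, not Rails itself.

```ruby
# Plain-Ruby model of the controller hierarchy (assumption: no Rails loaded;
# Base, dispatch, leaky_helper and this before_filter are hypothetical stand-ins).
class Base
  def self.filters
    @filters ||= []
  end

  def self.before_filter(name)
    filters << name
  end

  # Actions = public methods added below the framework base class.
  def self.action_methods
    public_instance_methods(true) - Base.public_instance_methods(true)
  end

  attr_reader :session

  def initialize(session = {})
    @session = session
  end

  def dispatch(action)
    return :unknown_action unless self.class.action_methods.include?(action.to_sym)
    # The filter runs inside the object; `send` ignores private visibility.
    self.class.filters.each { |f| return :redirected_to_login unless send(f) }
    public_send(action)
  end
end

class ApplicationController < Base
  def leaky_helper # public here, so reachable as an action on every controller
    :helper_ran_as_action
  end

  private

  def authorize # inherited by subclasses, never listed as an action
    !session[:user_id].nil?
  end
end

class AdminController < ApplicationController
  before_filter :authorize

  def index
    :admin_index
  end
end
```

A request naming `authorize` as the action gets `:unknown_action`, yet the same method still gates `index` because the filter is invoked from inside the controller object.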