Forum: Ruby on Rails Accessing controller methods in the view

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
328f0bb678423fcea01ebe3b0edc74e6?d=identicon&s=25 Ben Johnson (benjohnson)
on 2007-01-09 19:42
I know that you can do:

<%= controller.whatever %>

the problem I have with that is now a person can do:

whatever.com/controller/whatever

Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?

Thanks for your help.
Ce953bec3af375ddc75e375233112b28?d=identicon&s=25 harper (Guest)
on 2007-01-10 10:56
Ben Johnson wrote:
> I know that you can do:
>
> <%= controller.whatever %>
>
> the problem I have with that is now a person can do:
>
> whatever.com/controller/whatever
>
> Any idea how to make a method publicly accessible to views in a
> controller without making it accessible via a URL? Can you do this with
> the verify method?


        verify :method => :post, :only => [ :destroy, :whatever ],
        :redirect_to => { :action => 'cms', :id => 1}

and then it's not possible to put it in the url (it will redirect to
cms/1).

helps?
6ef8cb7cd7cd58077f0b57e4fa49a969?d=identicon&s=25 Brian Hogan (Guest)
on 2007-01-10 16:49
(Received via mailing list)
They can still POST to it so it's not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.
Aec50f31361352a2c27ca949f64d7213?d=identicon&s=25 Sheldon Hearn (Guest)
on 2007-01-10 17:08
(Received via mailing list)
hide_action [ :whatever, ... ]
328f0bb678423fcea01ebe3b0edc74e6?d=identicon&s=25 Ben Johnson (benjohnson)
on 2007-01-10 17:08
Brian Hogan wrote:
> They can still POST to it so it's not safe.
>
> The answer is to move the code to a helper which can be used from both a
> controller and a view.

How does a controller access helper methods? I didn't think this was
possible.
Ce953bec3af375ddc75e375233112b28?d=identicon&s=25 harper (Guest)
on 2007-01-10 18:03
Ben Johnson wrote:
> Brian Hogan wrote:
>> They can still POST to it so it's not safe.
>>
>> The answer is to move the code to a helper which can be used from both a
>> controller and a view.
>
> How does a controller access helper methods? I didn't think this was
> possible.

add the line

   include module HelperModule

to the controller...
328f0bb678423fcea01ebe3b0edc74e6?d=identicon&s=25 Ben Johnson (benjohnson)
on 2007-01-10 18:12
harper wrote:
> Ben Johnson wrote:
>> Brian Hogan wrote:
>>> They can still POST to it so it's not safe.
>>>
>>> The answer is to move the code to a helper which can be used from both a
>>> controller and a view.
>>
>> How does a controller access helper methods? I didn't think this was
>> possible.
>
> add the line
>
>    include module HelperModule
>
> to the controller...

Doesn't that bring us back to square one? All of the helper methods are
now assecible via the URL right?
27c170f482104299af279902be0a9c26?d=identicon&s=25 Trevor Squires (Guest)
on 2007-01-10 19:06
(Received via mailing list)
Hey,

I've always used 'protected' for this:

class FooController < ApplicationController

   def url_accessible_method
   end

   protected

     def non_url_accessible_method
     end

     def another_non_url_accessible_method
     end

     # make certain protected controller methods available to views
     helper_method :
non_url_accessible_method, :another_non_url_accessible_method
end

However, note that doing:

class FooController
   # stuff
   protected
     include HelperModule
end

will not mark the methods in HelperModule as protected.  You either
have to do this:

module HelperModule
   protected
     # your helper methods here
end

or you have to do this:

class FooController
   include HelperModule
   protected :each, :method, :name, :in, :helper_module
end

HTH,
Trevor


Trevor
5c8d28d1333f8e44641e74c9f72c29c7?d=identicon&s=25 Snowman (Guest)
on 2007-01-10 20:00
> Doesn't that bring us back to square one? All of the helper methods are
> now assecible via the URL right?

No, only methods actually defined in the class are available directly
via the URL. Methods from included modules are not.
6ef8cb7cd7cd58077f0b57e4fa49a969?d=identicon&s=25 Brian Hogan (Guest)
on 2007-01-19 16:30
(Received via mailing list)
The easiest way is to use a helper. Protected and private methods are
also a
good idea, but if you really want to make your code clean, use helpers.

the hide_action works, but again, it's not very clean.

Methods defined in a helper and included in the controller ARE
accessible
publicly. The way to do it is:


/app/helpers/global_helper.rb
module GlobalHelper

  protected

  def do_something
     "Hello world"
  end

end


/app/controllers/global_controller.rb

class GlobalController < ApplicationController

 include GlobalHelper

 def index
   render :text=> do_something
 end

end


Keeps everything nice and clean.
This topic is locked and can not be replied to.