Rails - Jan 2007 - Accessing controller methods in the view

I know that you can do:

<%= controller.whatever %>

the problem I have with that is now a person can do:

whatever.com/controller/whatever

Any idea how to make a method publicly accessible to views in a
controller without making it accessible via a URL? Can you do this with
the verify method?

Thanks for your help.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Johnson wrote:
> I know that you can do:
> 
> <%= controller.whatever %>
> 
> the problem I have with that is now a person can do:
> 
> whatever.com/controller/whatever
> 
> Any idea how to make a method publicly accessible to views in a
> controller without making it accessible via a URL? Can you do this with
> the verify method?

        verify :method => :post, :only => [ :destroy, :whatever ],
        :redirect_to => { :action => ''cms'', :id => 1}

and then it''s not possible to put it in the url (it will redirect to 
cms/1).

helps?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

They can still POST to it so it''s not safe.

The answer is to move the code to a helper which can be used from both a
controller and a view.


On 1/10/07, harper
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
>
>
> Ben Johnson wrote:
> > I know that you can do:
> >
> > <%= controller.whatever %>
> >
> > the problem I have with that is now a person can do:
> >
> > whatever.com/controller/whatever
> >
> > Any idea how to make a method publicly accessible to views in a
> > controller without making it accessible via a URL? Can you do this
with
> > the verify method?
>
>
>         verify :method => :post, :only => [ :destroy, :whatever ],
>         :redirect_to => { :action => ''cms'', :id
=> 1}
>
> and then it''s not possible to put it in the url (it will redirect
to
> cms/1).
>
> helps?
>
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

hide_action [ :whatever, ... ]


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Brian Hogan wrote:
> They can still POST to it so it''s not safe.
> 
> The answer is to move the code to a helper which can be used from both a
> controller and a view.
How does a controller access helper methods? I didn''t think this was 
possible.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Ben Johnson wrote:
> Brian Hogan wrote:
>> They can still POST to it so it''s not safe.
>> 
>> The answer is to move the code to a helper which can be used from both
a
>> controller and a view.
> 
> How does a controller access helper methods? I didn''t think this
was
> possible.
add the line

   include module HelperModule

to the controller...

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

harper wrote:
> Ben Johnson wrote:
>> Brian Hogan wrote:
>>> They can still POST to it so it''s not safe.
>>> 
>>> The answer is to move the code to a helper which can be used from
both a
>>> controller and a view.
>> 
>> How does a controller access helper methods? I didn''t think
this was
>> possible.
> 
> add the line
> 
>    include module HelperModule
> 
> to the controller...
Doesn''t that bring us back to square one? All of the helper methods are
now assecible via the URL right?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hey,

I''ve always used ''protected'' for this:

class FooController < ApplicationController

   def url_accessible_method
   end

   protected

     def non_url_accessible_method
     end

     def another_non_url_accessible_method
     end

     # make certain protected controller methods available to views
     helper_method :  
non_url_accessible_method, :another_non_url_accessible_method
end

However, note that doing:

class FooController
   # stuff
   protected
     include HelperModule
end

will not mark the methods in HelperModule as protected.  You either  
have to do this:

module HelperModule
   protected
     # your helper methods here
end

or you have to do this:

class FooController
   include HelperModule
   protected :each, :method, :name, :in, :helper_module
end

HTH,
Trevor


Trevor

On 10-Jan-07, at 9:12 AM, Ben Johnson wrote:
>
> harper wrote:
>> Ben Johnson wrote:
>>> Brian Hogan wrote:
>>>> They can still POST to it so it''s not safe.
>>>>
>>>> The answer is to move the code to a helper which can be used  
>>>> from both a
>>>> controller and a view.
>>>
>>> How does a controller access helper methods? I didn''t
think this was
>>> possible.
>>
>> add the line
>>
>>    include module HelperModule
>>
>> to the controller...
>
> Doesn''t that bring us back to square one? All of the helper
methods
> are
> now assecible via the URL right?
>
> -- 
> Posted via http://www.ruby-forum.com/.
>
> 
--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

> Doesn''t that bring us back to square one? All of the helper
methods are
> now assecible via the URL right?
No, only methods actually defined in the class are available directly 
via the URL. Methods from included modules are not.

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

The easiest way is to use a helper. Protected and private methods are also a
good idea, but if you really want to make your code clean, use helpers.

the hide_action works, but again, it''s not very clean.

Methods defined in a helper and included in the controller ARE accessible
publicly. The way to do it is:


/app/helpers/global_helper.rb
module GlobalHelper

  protected

  def do_something
     "Hello world"
  end

end


/app/controllers/global_controller.rb

class GlobalController < ApplicationController

 include GlobalHelper

 def index
   render :text=> do_something
 end

end


Keeps everything nice and clean.


On 1/10/07, Snowman
<rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org>
wrote:
>
>
> > Doesn''t that bring us back to square one? All of the helper
methods are
> > now assecible via the URL right?
>
> No, only methods actually defined in the class are available directly
> via the URL. Methods from included modules are not.
>
> --
> Posted via http://www.ruby-forum.com/.
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---