I'm working through a Rails tutorial and saw the following code:

class UsersController < ApplicationController
  before_filter :authenticate, :only => [:edit, :update]
  before_filter :correct_user, :only => [:edit, :update]
  .
  .
  .
  private

    def authenticate
      deny_access unless signed_in?
    end

    def correct_user
      @user = User.find(params[:id])
      redirect_to(root_path) unless current_user?(@user)
    end

Why are authenticate and correct_user private methods? Would it be harmful if they were made public? What would be the consequences?

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On 9 March 2011 16:11, Gaba Luschi <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> I'm working through a Rails tutorial and saw the following code:
>
> class UsersController < ApplicationController
>   before_filter :authenticate, :only => [:edit, :update]
>   before_filter :correct_user, :only => [:edit, :update]
>
>   .
>   private
>
>     def authenticate
>       deny_access unless signed_in?
>     end
>
>     def correct_user
>       @user = User.find(params[:id])
>       redirect_to(root_path) unless current_user?(@user)
>     end
>
> Why are authenticate and correct_user private methods? Would it be
> harmful if they were made public? What would be the consequences?

Public methods in the controller are normally controller actions. Do you have a specific reason for wanting them public?

Colin

On Wed, Mar 9, 2011 at 10:11 AM, Gaba Luschi <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> I'm working through a Rails tutorial and saw the following code:
>
> class UsersController < ApplicationController
>   before_filter :authenticate, :only => [:edit, :update]
>   before_filter :correct_user, :only => [:edit, :update]
>
>   .
>   .
>   .
>   private
>
>     def authenticate
>       deny_access unless signed_in?
>     end
>
>     def correct_user
>       @user = User.find(params[:id])
>       redirect_to(root_path) unless current_user?(@user)
>     end
>
> Why are authenticate and correct_user private methods? Would it be
> harmful if they were made public? What would be the consequences?
>

Because external code could be written to take advantage of your authentication process and break in. In general, any method you don't want other parts of your code to have access to and/or are only for the internal workings of the code they are in should be private.

B.

I don't, I just wanted to understand the nuance of keeping those methods private - thanks!

If the assignment of current user is public, a user can steal resources from another.
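
Added example (not part of the thread and not Rails' own code): a plain-Ruby model of the point made above that public controller methods are normally actions, showing a filter becoming reachable by name once it is left public. It assumes, in simplified form, the rule that a controller's public instance methods are its routable actions; MiniController, LeakyUsersController and exposed_filters are hypothetical names, and the filter bodies are stubs.

```ruby
# Simplified stand-in for a Rails controller base class (assumption: the
# public instance methods defined on a controller are its routable actions).
class MiniController
  def self.filters
    @filters ||= []
  end

  def self.before_filter(name)
    filters << name.to_s
  end

  def self.action_methods
    public_instance_methods(false).map(&:to_s)
  end

  # Defensive check: filters a request could also invoke directly as actions.
  def self.exposed_filters
    filters & action_methods
  end

  # Dispatch the way a router would: only actions are reachable by name.
  def process(action)
    return :unknown_action unless self.class.action_methods.include?(action.to_s)
    self.class.filters.each { |f| send(f) }
    send(action)
  end
end

# Filters kept private, as in the tutorial code.
class UsersController < MiniController
  before_filter :authenticate
  before_filter :correct_user
  def edit; :edit_page; end

  private

  def authenticate; :authenticated; end  # stub for deny_access/signed_in?
  def correct_user; :owner_checked; end  # stub for the current_user? check
end

# Hypothetical variant with the same filters left public.
class LeakyUsersController < MiniController
  before_filter :authenticate
  before_filter :correct_user
  def edit; :edit_page; end
  def authenticate; :authenticated; end
  def correct_user; :owner_checked; end
end
```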