Marnen Laibow-Koser wrote:
>
> That said, if you have a controller method (such as Ralph's
> fetch_logged_user) that is not meant to be called as an action, it is an
> extremely good idea to make it non-public (that is, private or
> protected) so that it cannot be called as an action accidentally (or
> maliciously).
Ok ... that sent up alarm bells.
So ... how can I prevent Rails from calling, say,
def fetch_logged_user
# black blah blah
end
or
def is_logged_in_user?
!...@logged_user.nil?
end
and yet allow all other controllers access to those two functions?
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
