Ralph Shnelvar wrote:
> Marnen Laibow-Koser wrote:
> > That said, if you have a controller method (such as Ralph's
> > fetch_logged_user) that is not meant to be called as an action, it is an
> > extremely good idea to make it non-public (that is, private or
> > protected) so that it cannot be called as an action accidentally (or
> > maliciously).
>
> Ok ... that sent up alarm bells.
>
> So ... how can I prevent Rails from calling, say,
> def fetch_logged_user
> # black blah blah
> end
> or
> def is_logged_in_user?
> !...@logged_user.nil?
> end
> and yet allow all other controllers access to those two functions?
As Marnen said, make it private or protected. Like this:
protected
def fetch_logged_user
...
end
Bob
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
