Accessing controller methods in the view

They can still POST to it so it’s not safe.

The answer is to move the code to a helper which can be used from both a controller and a view.

hide_action [ :whatever, ... ]

Hey,

I've always used 'protected' for this:

class FooController < ApplicationController

   def url_accessible_method
   end

   protected

     def non_url_accessible_method
     end

     def another_non_url_accessible_method
     end

     # make certain protected controller methods available to views
     helper_method :
non_url_accessible_method, :another_non_url_accessible_method
end

However, note that doing:

class FooController
   # stuff
   protected
     include HelperModule
end

will not mark the methods in HelperModule as protected. You either
have to do this:

module HelperModule
   protected
     # your helper methods here
end

or you have to do this:

class FooController
   include HelperModule
   protected :each, :method, :name, :in, :helper_module
end

HTH,
Trevor

Trevor

The easiest way is to use a helper. Protected and private methods are also a good idea, but if you really want to make your code clean, use helpers.

the hide_action works, but again, it’s not very clean.

Methods defined in a helper and included in the controller ARE accessible publicly. The way to do it is:

/app/helpers/global_helper.rb
module GlobalHelper

protected

def do_something
“Hello world”

end

end

/app/controllers/global_controller.rb

class GlobalController < ApplicationController

include GlobalHelper

def index
render :text=> do_something
end

end

Keeps everything nice and clean.