Why are these methods private?

I'm working through a Rails tutorial and saw the following code:

    class UsersController < ApplicationController
      before_filter :authenticate, :only => [:edit, :update]
      before_filter :correct_user, :only => [:edit, :update]

      . . .

      private

        def authenticate
          deny_access unless signed_in?
        end

        def correct_user
          @user = User.find(params[:id])
          redirect_to(root_path) unless current_user?(@user)
        end
    end

Why are authenticate and correct_user private methods? Would it be harmful if they were made public? What would be the consequences?

Public methods in the controller are normally controller actions. Do you have a specific reason for wanting them public?

Colin

Because external code could be written to take advantage of your authentication process and break in. In general, any method you don’t want other parts of your code to have access to and/or are only for the internal workings of the code they are in should be private.

B.

I don't, I just wanted to understand the nuance of keeping those methods private - thanks!

If the assignment of current user is public, a user can steal resources from another.
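
The point made in the replies (public controller methods are treated as actions, private ones are not) can be seen in a small plain-Ruby model. This is an added example, not code from the tutorial or from any poster; MiniController, process, SafeUsersController and LeakyUsersController are hypothetical names, and the dispatch rule is a simplified assumption about how a framework picks routable methods, not Rails itself.

```ruby
# Simplified plain-Ruby model (an assumption, not Rails) of a controller
# whose public methods are routable actions and whose private ones are not.
class MiniController
  attr_reader :log

  def initialize
    @log = []
  end

  # Actions = public instance methods the subclass adds on top of the base.
  def self.action_methods
    own = public_instance_methods(true) - MiniController.public_instance_methods(true)
    own.map(&:to_s).sort
  end

  # Dispatch a request by name; anything that is not an action is a 404.
  def process(action)
    return :not_found unless self.class.action_methods.include?(action.to_s)
    public_send(action)
  end
end

class SafeUsersController < MiniController
  def edit
    authenticate            # filter runs as an internal step
    @log << :edit_rendered
    :ok
  end

  private

  def authenticate
    @log << :authenticate_ran
  end
end

class LeakyUsersController < MiniController
  def edit
    authenticate
    @log << :edit_rendered
    :ok
  end

  # Same helper left public: it is now listed and dispatchable as an action.
  def authenticate
    @log << :authenticate_ran
  end
end
```

Comparing action_methods on the two classes is a quick audit: any helper name that shows up there can be requested directly by a client whenever a route maps to it.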