hide_action, a hidden treasure
Posted by Mathew Abonyi Fri, 11 Aug 2006 16:21:00 GMT
This is a quickie in my preparation for releasing Simple Scope, a DRY one-liner version of ScopedAccess. I think there are many hidden treats in the ActionController::Base which aren’t talked about.
One such treat is the hide_action class method. By default, everything in ActionController::Base and its modules are hidden from being actions, but its children need to protect and privatise their methods to prevent them from being executed by :controller/:action style URLs. For plugin developers working with ActionControllers especially, adding a call to hide_action can save a lot of pain. For example, for a controller plugin:
def self.included(base)
base.send :helper_method, :methodone, :methodtwo
base.send :hide_action, :methodone, :methodtwo
endNow you can have public methods included into controllers without the worry of them being executed.
An example usage is my Authenticated Cookie variant of Technoweeine’s AAA plugin. Both versions protect the entire module, where in fact accessing current_user should be public to other controllers, their classes, views and models (god forbid). I just recently changed logged_in? and current_user to be public and added the above snippet to the self.included method. Now class defined procs, such as before_filters, can do this:
before_filter(:only => :when_needed) { |c| params[:user_id] = c.current_user.id }Much cleaner than c.send :current_user.
That’s a good point. I usually just use protected methods for my controller filters though, so this hasn’t been an issue for me.
Well, that works, except if more than one plugin does it, or if the user is doing it themselves, the methods will conflict.
fsgdf