hide_action, a hidden treasure

Mathew Abonyi — Fri, 11 Aug 2006 12:21:00 -0500

This is a quickie in my preparation for releasing Simple Scope, a DRY one-liner version of ScopedAccess. I think there are many hidden treats in the ActionController::Base which aren’t talked about.

One such treat is the hide_action class method. By default, everything in ActionController::Base and its modules are hidden from being actions, but its children need to protect and privatise their methods to prevent them from being executed by :controller/:action style URLs. For plugin developers working with ActionControllers especially, adding a call to hide_action can save a lot of pain. For example, for a controller plugin:

def self.included(base)
base.send :helper_method, :methodone, :methodtwo
base.send :hide_action, :methodone, :methodtwo
end

Now you can have public methods included into controllers without the worry of them being executed.

An example usage is my Authenticated Cookie variant of Technoweeine’s AAA plugin. Both versions protect the entire module, where in fact accessing current_user should be public to other controllers, their classes, views and models (god forbid). I just recently changed logged_in? and current_user to be public and added the above snippet to the self.included method. Now class defined procs, such as before_filters, can do this:

  before_filter(:only => :when_needed) { |c| params[:user_id] = c.current_user.id }

Much cleaner than c.send :current_user.

"hide_action, a hidden treasure" by Alex

Thu, 09 Aug 2007 02:10:12 -0500

Well, that works, except if more than one plugin does it, or if the user is doing it themselves, the methods will conflict.

Wood for the Trees: hide_action, a hidden treasure

hide_action, a hidden treasure

"hide_action, a hidden treasure" by Alex