authorDavid Heinemeier Hansson <david@loudthinking.com>2005-02-17 18:59:51 +0000
committerDavid Heinemeier Hansson <david@loudthinking.com>2005-02-17 18:59:51 +0000
commit04b8bc1bdd13de1a5a47239bea12229ca98dd0cc (patch)
tree4b6e03b7877af32102476a0359eefcee507e58e0 /actionpack/lib/action_controller/base.rb
parent761b18a564182f84b914b8510d092d4311423d7d (diff)
Fixed that a bunch of methods from ActionController::Base were accessible as actions (callable through a URL) when they shouldn't have been #644 [Nicholas Seckar]. Added Base#hide_actions(*names) to hide public methods from a controller that would otherwise have been callable through the URL. For the majority of cases, it's preferred just to make the methods you don't want to expose protected or private (so they'll automatically be hidden) -- but if you must have a public method, this is a way to make it uncallable. Base#hidden_actions retrieves the list of all hidden actions for the controller #644 [Nicholas Seckar]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@646 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'actionpack/lib/action_controller/base.rb')
-rwxr-xr-xactionpack/lib/action_controller/base.rb18
1 files changed, 15 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 7883233e84..421438414d 100755
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -285,6 +285,19 @@ module ActionController #:nodoc:
components.shift if components.first == 'controllers' # Transitional conditional to accomodate root Controllers module
components.join('/')
end
+
+ # Return an array containing the names of public methods that have been marked hidden from the action processor.
+ # By default, all methods defined in ActionController::Base and included modules are hidden.
+ # More methods can be hidden using +hide_actions+.
+ def hidden_actions
+ write_inheritable_attribute(:hidden_actions, ActionController::Base.public_instance_methods) unless read_inheritable_attribute(:hidden_actions)
+ read_inheritable_attribute(:hidden_actions)
+ end
+
+ # Hide each of the given methods from being callable as actions.
+ def hide_actions(*names)
+ write_inheritable_attribute(:hidden_actions, hidden_actions | names.collect {|n| n.to_s})
+ end
end
public
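Review bot: `hidden_actions` snapshots `ActionController::Base.public_instance_methods` the first time it is called and never refreshes it, so a public method that reaches Base afterwards (a module included later, a reopened class) is missing from the list. Because `action_methods` in the second hunk now subtracts this list from the full `public_instance_methods` instead of skipping Object and Kernel explicitly, a public method added to Object or Kernel after the snapshot would presumably become callable through a URL as well. Consider computing the base set on every read, `ActionController::Base.public_instance_methods | (read_inheritable_attribute(:hidden_actions) || [])`, or at least extend the comment to say that the default list is fixed at first use. The block closed by the trailing `end` starts outside the hunk.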
@@ -638,10 +651,9 @@ module ActionController #:nodoc:
end
def action_methods
- action_controller_classes = self.class.ancestors.reject{ |a| [Object, Kernel].include?(a) }
- action_controller_classes.inject([]) { |action_methods, klass| action_methods + klass.public_instance_methods(false) }
+ @action_methods ||= (self.class.public_instance_methods - self.class.hidden_actions)
end
-
+
def add_variables_to_assigns
add_instance_variables_to_assigns
add_class_variables_to_assigns if view_controller_internals
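Review bot: The memoized `@action_methods` is a new instance variable on the controller, and `add_variables_to_assigns` just below calls `add_instance_variables_to_assigns`, so unless that helper (outside this hunk) filters it, the list of callable method names is copied into the view assigns on every render. If an exclusion list for internal instance variables exists, `@action_methods` should be added to it. The method also has no comment; something like `# Names of public methods that may be invoked as actions; cached per controller instance.` would make the security role of this list explicit. The body of `add_variables_to_assigns` continues past the end of the hunk.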