Lockdown - Generating Methods from Routes Table instead of Controller files - Stonean

Generating Methods from Routes Table instead of Controller files

Added by Anonymous 208 days ago

It's a neat idea to generate the controller classes from files located
in app/controllers and then from these classes derive the methods by

klass.public_instance_methods - klass.hidden_actions

But isn't inspecting the route table a more direct and accurate way?

This doesn't account for controllers and routes that come from
plugins.
In order to add support for the exception logger plugin, I added this
in the init.rb file

controller_classes["LoggedExceptionsController"] = const_get("LoggedExceptionsController")

Also, I've omitted defining the new and edit actions in the controller
since they're RESTful and are implicitly handled by the routes. This
way, new and edit are left out of the
controller.public_instance_methods.

Thanks again

Kevin

Replies

RE: Generating Methods from Routes Table instead of Controller files - Added by Andrew Stone 208 days ago

I don't think the Routes table will have all the methods required for Lockdown to grant access. An example would be an ajax method defined in the controller that isn't/shouldn't be accessible via the url.

If I'm wrong, please let me know.

I'll have to take a look at the exception logger plugin. There is probably a load path I can reference to load and inspect classes instead of just looking under app/controllers.

I have added an issue to the tracker for this:

http://stonean.com/issues/show/6

For the new/edit controller actions, Lockdown must know about the actions in order to grant access. I have not found the time to dig into the Rails code to determine how they are rendering edit without the edit action being defined. Probably another method_missing type construct.

If you know a way I can find out this information, that would be cool. Until then, it's just a rule with Lockdown. All methods must be defined in your controller. I don't have any plans to account for this Rails "magic".

RE: Generating Methods from Routes Table instead of Controller files - Added by Anonymous 207 days ago

I actually have 0 experience with Ajax, so I don't know. All I know is that if I remove change_password from the routes file, the Ajax request doesn't respond. I don't know what that means.

Maybe one way to resolve this is to merge the routes table with the results from klass.public_instance_methods - klass.hidden_actions