Topic: Rails Helpers Security
I was wondering about the following:
If I have protected (or private) authentication methods (actions) defined in a controller, I can easily validate whether a specific user is allowed access to specific actions in a controller. However, I want to have a more central authentication scheme. For example, I want 2 different controllers to use the same authentication methods. To eliminate code duplication, I threw those methods into the controller helper and just include that helper where necessary. That brings up the following question:
when you include a helper in a controller, can you have 'protected / private' methods inside the helper whose scope is just in the helper and then also have 'private / protected' methods inside the controller which only relate to the controller? Or does order matter when you include the helper or not and where you include it (bottom vs top)?
class EditController < ApplicationController
before_filter :check_authentication, :except => [:edit_login_submit, :edit_login]
What happens to some_public_method if i have 'private' declared before some actions in EditHelper?