From: Andy Allan Date: Wed, 20 Mar 2019 13:37:39 +0000 (+0100) Subject: Mark all methods in api_controller and application_controller as private X-Git-Tag: live~3227^2~1 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/8d207e7de0d540afbfd45381f23c5f9378026009?ds=sidebyside;hp=-c Mark all methods in api_controller and application_controller as private They aren't designed to be used as request endpoints, so there's no need for them to be public. --- 8d207e7de0d540afbfd45381f23c5f9378026009 diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index cb3d71d49..ebc75ac39 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,6 +1,8 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token + private + def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you") # make the current_user object from any auth sources we have setup_user_auth diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c5545c068..8ccd77060 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,6 +12,8 @@ class ApplicationController < ActionController::Base attr_accessor :current_user helper_method :current_user + private + def authorize_web if session[:user] self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first @@ -402,8 +404,6 @@ class ApplicationController < ActionController::Base end end - private - # extract authorisation credentials from headers, returns user = nil if none def get_auth_data if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it