From 8d207e7de0d540afbfd45381f23c5f9378026009 Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 20 Mar 2019 14:37:39 +0100 Subject: [PATCH] Mark all methods in api_controller and application_controller as private They aren't designed to be used as request endpoints, so there's no need for them to be public. --- app/controllers/api_controller.rb | 2 ++ app/controllers/application_controller.rb | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index cb3d71d49..ebc75ac39 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -1,6 +1,8 @@ class ApiController < ApplicationController skip_before_action :verify_authenticity_token + private + def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you") # make the current_user object from any auth sources we have setup_user_auth diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c5545c068..8ccd77060 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -12,6 +12,8 @@ class ApplicationController < ActionController::Base attr_accessor :current_user helper_method :current_user + private + def authorize_web if session[:user] self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first @@ -402,8 +404,6 @@ class ApplicationController < ActionController::Base end end - private - # extract authorisation credentials from headers, returns user = nil if none def get_auth_data if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it -- 2.39.5