Posted via http://www.ruby-forum.com/.
Hmm. I'm seeing this, too. For most cases, this results in a "Template
is missing" error because there's nothing to render. However, if you
happened to have a helper method in the controller that rendered
something (a partial, say), I'm thinking this could be a security issue.
Protecting the methods seems to fix this, resulting in an "Unknown
action" error. Is there any functionality lost by protecting the
methods? Maybe helper_method should protect these automagically?
> Protecting the methods seems to fix this, resulting in an "Unknown
> action" error.
BTW, these errors show up in development, but result in a 500 error in
But helper methods are still available through GET in production?
As I saw in the development log when application error happens rails
send http with 500 status
Yep. In most cases they will cause a template error unless you have a
helper that calls render or you happen to have a view to be rendered
with your helper actions name.
Why you would have a helper method that renders something defined in
your controller I don't know, but I've tested this and can get rendered
text, partial, or full view.
Helpers are smart methods (functions) that help your view templates
generate HTML. They know to use your model objects and controller
classes to create just the right HTML and.
but it doesn't matter)
What d u mean
> Why you would have a helper method that renders something defined in
> your controller I don't know, but I've tested this and can get rendered
> text, partial, or full view.
Helpers purpose is to 'render something defined in controller' isn't
In the above statement I'm differentiating helpers defined in a
controller vs. helpers defined in a helper module.
If I need to use a method in both my controller and my view, I define it
in my controller and then designate it as a helper with helper_method.
In practice, I find that the methods I need in both the controller and
the view are methods that do not end up rendering anything (e.g,
logged_in?, is_admin?). Most of my rendering helpers are defined in my
helper modules and not in my controller.
Did that make sense?
As far as I know the core list has not been notified.
When I use some helper with controller, like :helper helper_name,
I can call all helper methods that are not private or protected from
browser, by typing url "http://controller/helper_method ".
Does this work only for development enviroment or it works always?
I've seen some helpers from wiki.rubyonrails.org and rails books and
helper methods never were private or protected there...
Of course, I can make my methods protected, but if anyone will follow
any rails tutorial there is nothing about this, moreover, all 3rd party
helpers that I've downloaded from wiki or somewhere else had their
methods being public
I agree that this problem is not well documented, and if no changes are
made to helper_method, then there should at least be a note in the