1

I would like to create a checking tool/rake task that would dynamically go through all the public methods that are possibly accessible from the outside world and check our authorization rules.

For this I would need to collect all the controllers and all their public methods. How to do that? I would like to use Ruby reflection or metadata techniques rather than grepping files.

1
  • it only makes sense if you have a catch-all rule like match ':controller(/:action(/:id(.:format)))' Commented Dec 2, 2011 at 10:40

1 Answer

2

AFAICT this is impossible to do in the general case as you can't tell which params go where, e.g. /items/foo/id or /items/foo?bar=baz? Also, which values of the params are OK?

But you can get a decent value with

Rails.application.routes.routes.map(&:path)

which shall give you a list in the form used in rake routes (/klass/:id/action(.:format))


2 Comments

I will be checking just authorization rules (if it is present and what the rules are). Thanks
yes, I meant that for example you may have authorization for the edit of an item that is possible for administrators and for the users who originally created them but not for other users, which depends on a suitable choice of the params.
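The reflection-based audit the question asks for, as an added example that is not part of the original question or answer. `BaseController`, `authorize`, `unprotected_actions` and the sample controllers are constructed stand-ins so the script runs without Rails; in a Rails app the counterparts are `ApplicationController.descendants` (after `Rails.application.eager_load!`) and each controller's `action_methods`.

```ruby
# Stand-in for ActionController::Base (constructed; not Rails code).
class BaseController
  CONTROLLERS = []

  # Record every subclass as it is defined (Rails: `descendants`).
  def self.inherited(sub)
    super
    CONTROLLERS << sub
  end

  # Hypothetical macro mimicking `before_filter :authorize, only:/except:`.
  def self.authorize(only: nil, except: [])
    @auth_rule = { only: only&.map(&:to_s), except: except.map(&:to_s) }
  end

  # Rule declared on this class or inherited from the nearest ancestor.
  def self.auth_rule
    @auth_rule || (superclass.respond_to?(:auth_rule) ? superclass.auth_rule : nil)
  end

  # Public instance methods added below the base class (Rails: `action_methods`).
  def self.action_methods
    (public_instance_methods(true) - BaseController.public_instance_methods(true)).map(&:to_s).sort
  end
end

# Constructed sample controllers.
class ApplicationController < BaseController; end

class ItemsController < ApplicationController
  authorize except: [:index]
  def index; end
  def edit; end
  private
  def load_item; end # private helper, must not be reported as an action
end

class ReportsController < ApplicationController
  def export; end # no authorization declared anywhere in the chain
end

def covered?(rule, action)
  return false unless rule
  return rule[:only].include?(action) if rule[:only]
  !rule[:except].include?(action)
end

# Every "Controller#action" that no authorization rule applies to.
def unprotected_actions(controllers = BaseController::CONTROLLERS)
  controllers.flat_map do |c|
    c.action_methods.reject { |a| covered?(c.auth_rule, a) }.map { |a| "#{c.name}##{a}" }
  end.sort
end
```

This only reports whether a rule is attached to an action; as the answer and its comments note, whether the rule is correct for given params (for example owner versus other users) still needs per-request tests.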
