I would like to create a checking tool/rake task, that would dynamically go through all the public methods that are possibly accessible from outside world and check our authorization rules.
For this I would need to collect all the controllers and all their public methods. How to do that? I would like to use Ruby reflection or metadata techniques rather than grepping files.
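As an added example that is not part of the question or the answer on this page, here is a pure-Ruby sketch of the reflection approach the question describes: find every loaded controller class, list the public methods defined directly on it (the ones a router could dispatch to), and report actions that carry no authorization rule. The BaseController class, its authorize DSL, and the two sample controllers are constructed for this example so it runs offline; in a real Rails application the starting point would be ActionController::Base.descendants after eager loading, with each controller's action_methods in place of the hand-rolled helper.

```ruby
# Added example (not from the question or the answer): a pure-Ruby stand-in for
# enumerating controllers and their public actions by reflection, then checking
# each action against an authorization declaration.
require 'set'

class BaseController
  # Class-level record of which actions have an authorization rule attached.
  def self.authorized_actions
    @authorized_actions ||= Set.new
  end

  # Hypothetical DSL standing in for a before_action-style declaration.
  def self.authorize(*actions)
    authorized_actions.merge(actions.map(&:to_sym))
  end

  # Public methods defined directly on this class are what a router could
  # dispatch to; inherited public methods (Object etc.) are excluded by the
  # `false` argument, and private methods never appear at all.
  def self.action_methods
    public_instance_methods(false).to_set
  end

  # Every loaded subclass, found by reflection rather than by grepping files.
  # (Rails offers Class#descendants via ActiveSupport; this is the plain-Ruby way.)
  def self.descendants
    ObjectSpace.each_object(Class).select { |klass| klass < self }
  end
end

# Constructed sample controllers standing in for an application.
class ItemsController < BaseController
  authorize :show, :destroy
  def index; end
  def show; end
  def destroy; end

  private

  def load_item; end # private helper: not dispatchable, must not be reported
end

class AdminController < BaseController
  authorize :dashboard
  def dashboard; end
end

# Returns { "ControllerName" => [unprotected action names] } for every controller
# that has at least one public action with no authorization rule.
def audit_unprotected_actions(base = BaseController)
  base.descendants.sort_by(&:name).each_with_object({}) do |ctrl, report|
    missing = (ctrl.action_methods - ctrl.authorized_actions).to_a.sort
    report[ctrl.name] = missing unless missing.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_unprotected_actions.each do |ctrl, actions|
    puts "#{ctrl}: no authorization rule for #{actions.join(', ')}"
  end
end
```

Run as a script it prints one line per controller with unprotected actions (here only ItemsController#index). Wrapping the same audit in a rake task is a matter of calling audit_unprotected_actions after the application has eager loaded, so that every controller class actually exists in ObjectSpace when the scan runs.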
AFAICT this is impossible to do in the general case as you can’t tell which params go where, e.g.
/items/foo/id or /items/foo?bar=baz? Also, which values of the params are ok? But you can get a decent value with
which shall give you a list in the form used in rake routes (/klass/:id/action(.:format))