6

I'm not entirely sure about the concept of private method in rails, and when and how to use it. Are there any rules? what are the differences between private vs public, vs protected? For example, in the following example, why is private method being used here instead of the other two methods. Is it best practice to always use private method for user generated input? Please enlighten me. Many thanks!

class PostsController < ApplicationController

def index
  @posts = Post.all.order("created_at DESC")
end

def new
 @post = Post.new
end

def create
 @post = Post.new(post_params)
  if @post.save
 redirect to @post
 else
  render 'new'
 end
end

def show
  @post = Post.find(params[:id])
end

private

def post_params
  params.require(:post).permit(:title, :body)
 end
end
York Wang
  • 1,909
  • 5
  • 15
  • 27
  • Ruby on Rails web apps are written with the Ruby programming language. The concept of `private` comes from Ruby itself, and Rails doesn’t add any special meaning to it. Ruby got the concept of `public` and `private` from the field of object-oriented programming (OOP). So I suggest just looking up what does public and private in OOP mean, and leaving Rails out of your searches. – Rory O'Kane Aug 12 '16 at 21:58

2 Answers2

9

In the Rails ActionController context, public methods of a controller class are exposed to web server through Rails routes. You can define a route to the public methods of the class and use them as controller actions.

However you can not define routes to private methods. They are designed as internal helper methods and there is no way to expose them to web server.

This leads to a basic convention in your controllers: Define each of your controller action as a public method, define routes for each of them and ether define views corresponding the actions or chain each action to another action or view. Use private methods or other classes for your helper methods or other components.

Of course these are conventions. You can make all your methods in controllers public if you're sure that no one would define routes to these methods or exposing them to the clients won't be harmful (as exposing sensitive information, creating vulnerability or just looking silly).

infiniteRefactor
  • 1,940
  • 15
  • 22
  • Thank you for the answer! I was confused about the concept behind 'private method' and the context in which the method should be used. It all makes sense now. Thank you for the explanation, this is very helpful. – York Wang Aug 12 '16 at 22:59
1

Because generally scope is a good thing.

It's one of the reasons you use classes to group methods together.

When those methods need to be called either as class levels methods or instance methods they need to be public.

This is also more of a core ruby concept than anything to do with rails.

However when those methods start to have a lot of code in them, it is a good practice to extract the details into other methods which are only called from the public methods within the class. The methods you extract are private methods.

As for protected it's more complicated, relates to inheritance and is rarely actually needed.
See separate questions such as Why does Ruby have both private and protected methods? which states protected methods can be called by any instance of the defining class or its subclasses.

Community
  • 1
  • 1
Michael Durrant
  • 93,410
  • 97
  • 333
  • 497