Mark all methods in api_controller and application_controller as private

They aren't designed to be used as request endpoints, so there's no
need for them to be public.

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index cb3d71d490587f5641c27c0ca70ff528c42f0847..ebc75ac3919fbacc98fe1ff29960bbc56601566e 100644 (file)
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,6 +1,8 @@
 class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
 
+  private
+
   def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you")
     # make the current_user object from any auth sources we have
     setup_user_auth

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c5545c06871ffe964c00523c535f2d30b7859697..8ccd7706018f8fca2fe2e0f1d2f7958e95f5246c 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,8 @@ class ApplicationController < ActionController::Base
   attr_accessor :current_user
   helper_method :current_user
 
+  private
+
   def authorize_web
     if session[:user]
       self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
@@ -402,8 +404,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  private
-
   # extract authorisation credentials from headers, returns user = nil if none
   def get_auth_data
     if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it