From: Andy Allan <git@gravitystorm.co.uk>
Date: Wed, 20 Mar 2019 13:37:39 +0000 (+0100)
Subject: Mark all methods in api_controller and application_controller as private
X-Git-Tag: live~2692^2~1
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/8d207e7de0d540afbfd45381f23c5f9378026009

Mark all methods in api_controller and application_controller as private

They aren't designed to be used as request endpoints, so there's no
need for them to be public.
---

diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb
index cb3d71d49..ebc75ac39 100644
--- a/app/controllers/api_controller.rb
+++ b/app/controllers/api_controller.rb
@@ -1,6 +1,8 @@
 class ApiController < ApplicationController
   skip_before_action :verify_authenticity_token
 
+  private
+
   def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you")
     # make the current_user object from any auth sources we have
     setup_user_auth
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c5545c068..8ccd77060 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,8 @@ class ApplicationController < ActionController::Base
   attr_accessor :current_user
   helper_method :current_user
 
+  private
+
   def authorize_web
     if session[:user]
       self.current_user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
@@ -402,8 +404,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  private
-
   # extract authorisation credentials from headers, returns user = nil if none
   def get_auth_data
     if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it