Question

I have a Grails controller with multiple actions. For now all actions are available for user calls (I can access them from my browser), even the ones that should be called only from within the g:include tag. I want to restrict access to such actions from the browser. I cannot mark the action as protected because in this case I will not be able to include this action in a view for another controller.

Is there any practice for encapsulating actions in such situations?

Solution

The way to “protect” actions from being accessible via a URL is to not provide a URL mapping to them. The default URL mapping looks something like this…

class UrlMappings {

    static mappings = {
        // Catch-all mapping: routes any controller/action pair to a URL
        "/$controller/$action?/$id?(.$format)?"{
            constraints {
                // apply constraints here
            }
        }

        // ...
    }
}

That “/$controller/$action?/$id?(.$format)?” mapping is convenient for simple CRUD apps and demos well, but for any substantial app you should almost always remove that. Without it, only the actions you explicitly expose are accessible.
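
As an added illustration (not code from the original answer), here is what a UrlMappings class could look like once the catch-all is removed and only chosen actions are mapped. The controller name `book`, its actions `index`, `show`, `save` and `sidebar`, and the `/notFound` and `/error` views are assumptions made for the example.

```groovy
// grails-app/controllers/UrlMappings.groovy (package declaration omitted)
// Assumption: BookController has browser-facing actions index/show/save and a
// fragment action "sidebar" that is only meant to be pulled in with g:include.
class UrlMappings {

    static mappings = {
        // Removed: the catch-all that gives every action of every controller a URL.
        // "/$controller/$action?/$id?(.$format)?" { constraints { } }

        // Only the actions listed below are reachable by URL.
        "/"(controller: 'book', action: 'index')

        // Same path, different action per HTTP method.
        "/books"(controller: 'book') {
            action = [GET: 'index', POST: 'save']
        }

        // Constrain the id so arbitrary strings never reach the action.
        "/books/$id"(controller: 'book', action: 'show') {
            constraints {
                id(matches: /\d+/)
            }
        }

        // BookController.sidebar deliberately has no entry here,
        // so a browser request for /book/sidebar matches no mapping.

        // Response-code mappings (view names are assumptions).
        "404"(view: '/notFound')
        "500"(view: '/error')
    }
}
```

Running `grails url-mappings-report` after a change like this lists the mappings in effect, which makes it easy to confirm that no wildcard route remains.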

Licensed under: CC-BY-SA with attribution