Restrict External Access to Controller, but enable access from Model (CakePHP 2.X)

Question

In our application we are using the Controller and View to generate a PDF file which can be emailed to a user, the Controller renders a view file and passes it back to the model.

It has been setup like this because in another part of the application we use the same view file to display the PDF on-page (which requires POST data).

My problem is that I need to be able to access the controller functions from my model, however I want to prevent someone (using the website directly) from executing the controller function directly.

In Model:

$Contents = new ContentsController();
$message = $Contents->generatePDF($viewVars);

In Controller:

public function generatePDF($input_data)
{

    //set the original data and the check result to build the page:
    foreach($input_data as $key => $value)
    {
        $this->set($key, $value);
    }

    //instantiate a new View class from the controller
    $view = new View($this);

    $viewData = $view->render('pdf_file', 'pdf');

    return $viewData;
}

Which works, however if the user goes and types /Contents/generatePDF into their browser they can access this controller function, so I want to be able to prevent it being accessed from the web directly.

I am using CakePHP 2.X

Answer 1

The simplest approach is to prepend an underscore to the name of your controller method: _generatePDF. Such methods are not accessible via browser.