how to call a active record named scope with a string

Question

I'm sure I'm miss understanding the use of call but I thought I could do something like this.

@case_studies = CaseStudy.call("some_named_scope")

Where "some_named_scope" is also a named scope in CaseStudy. The reason why I need to use call is because I have named scopes that are the same names of the actions in the controller so I'm hopping to do something like this.

@case_studies = CaseStudy.call(params[:action])

EDIT

Forgive me, I just realized I was thinking about the send method, some how the word call got stuck in my head. But @case_studies = CaseStudy.send(params[:action]) works as I thought it would.

Answer 1

If some_named_scope is a named_scope of the CaseStudy model, you can use send to call the method corresponding to params[:action] value. But this is obviously heavily exploitable.

So, security aside, you could get going with:

@case_studies = CaseStudy.send(params[:action])

Hope it works.

Answer 2

Although @kolrie has the correct answer, it is not safe at all.

It should be whitelisted as follows:

scope = ["first_scope", "second_scope", "default_scope"].include? params[:action] ? params[:scope] : "default_scope"
@case_studies = CaseStudy.send(scope)