1. Computing

Rails Blog Tutorial - Adding RESTful Authentication

By

6 of 8

Protect Actions

Now that everything is in place, the login_required before filter can be added to the Posts controller. For every action to which this filter is applied, the user trying to access the action will need to be logged in. If the user is not logged in, they will be redirected to the login screen. Once logged in successfully, they will again be redirected to the action they tried to access.

When using the login_required before filter, it's best to use a whitelist. A whitelist defines the actions that are safe to access without authentication. If the opposite is done (a list of actions that are not safe to access without authentication), any newly added actions may inadvertently be left unprotected. To implement a whitelist, the :except argument to before_filter is used.

# File: app/controllers/posts_controller.rb
 class PostsController < ApplicationController
   before_filter :login_required, :except => %w[ index show ]
 ... snip ...
  1. About.com
  2. Computing
  3. Ruby
  4. Ruby on Rails
  5. Protect Actions

©2014 About.com. All rights reserved.