On Feb 19, 2006, at 3:20 PM, Neil D. wrote:
fancy graphics.
if @request.remote_addr =~ /^192\.168\./ then
  < do stuff >
else
  < error page >
end
Wouldn’t it make more sense to use an application.rb
helper (available everywhere):
def request_is_local?
  # Truthy (match index) for 192.168.x.x clients, nil otherwise
  @request.remote_addr =~ /^192\.168\./
end
Then the controllers can simply use:
if request_is_local?
  < do stuff >
else
  < error page >
end
DRY + readability == the right way
Another improvement would be to use before_filter
to make the call to request_is_local?
Perhaps even better is to override the built-in
local_request? then use that in the before_filter, which
gives you the advantage of Rails knowing a request is
local and responding appropriately in the case of errors.
Overriding a built-in is a bit much for a list response,
so here’s the URL to learn more:
http://api.rubyonrails.com/classes/ActionController/Rescue.html#M000043
I’m not sure if the decision to split the project into two apps is
really a good one. You could build a single app with multiple front
ends depending on who is accessing the site.
Yes, I’d agree here. No need for separate applications.
Put the secure stuff in its own controllers and own view, protect
it in several ways (user/password/role), HTTPS, IP verification,
etc. and DRY up however you choose to protect it via before_filter
so that nothing in the administration controller(s) “slips through the
cracks.”
–
– Tom M.
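
An added example, not code from the thread or from Rails: a stand-alone version of the request_is_local? idea that parses the address with Ruby's IPAddr and tests it against 192.168.0.0/16, compared with the string-prefix regex on constructed inputs. The names `local_address?`, `prefix_match?`, `compare` and all sample values are assumptions made for this example.

```ruby
require 'ipaddr'

# Range the thread's regex is aiming at (192.168.0.0 - 192.168.255.255).
LOCAL_NET = IPAddr.new('192.168.0.0/16')

# Hypothetical helper for this example: the request_is_local? idea, but
# taking the address string as an argument so it runs outside Rails.
def local_address?(addr)
  ip = IPAddr.new(addr.to_s)
  # A dual-stack listener can report an IPv4 client as ::ffff:a.b.c.d;
  # rebuild it as a plain IPv4 address before the range test.
  ip = IPAddr.new(ip.to_i & 0xffff_ffff, Socket::AF_INET) if ip.ipv4_mapped?
  ip.ipv4? && LOCAL_NET.include?(ip)
rescue IPAddr::Error
  false # unparseable input is never treated as local
end

# The string-prefix approach, for comparison.
def prefix_match?(addr)
  !(addr.to_s =~ /^192\.168\./).nil?
end

# Constructed sample values, not taken from any real log.
SAMPLES = [
  '192.168.1.20',               # ordinary LAN client
  '10.0.0.7',                   # outside the range
  '::ffff:192.168.1.20',        # same LAN client, IPv4-mapped IPv6 form
  '192.168.1.20.example.test',  # not an address at all
  "10.0.0.7\n192.168.1.20",     # multi-line value; ^ matches at each line
]

# Returns [address, regex verdict, CIDR verdict] for each sample.
def compare(samples = SAMPLES)
  samples.map { |a| [a, prefix_match?(a), local_address?(a)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |addr, by_regex, by_cidr|
    puts format('%-30s regex=%-5s cidr=%s', addr.inspect, by_regex, by_cidr)
  end
end
```

In a controller the same predicate would be called from a before_filter with the request's remote address, so every admin action goes through one check.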