Forum: Ruby on Rails Suggestions wanted for non-logged-in user in closed beta pha

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Chris T (Guest)
on 2006-06-08 18:31
(Received via mailing list)
Will shortly be deploying first iteration of app to some beta testers
(i.e. friends), and want them to be able see it both from logged-in view
and guest (i.e. not logged-in) view. The two are a fair bit different.
It's a closed beta, so (hopefully) no pages (other than a blank login
page) will be visible.

The question is, what's the best way for them to be able to see (and
test) the app in guest mode. Have two layers of auth (the app's and an
external one), set up a group role that simulates guest access (not wild
about this since it will mean changing the ACL setup after it's done).

Any other ideas, opinions?
Chris T (Guest)
on 2006-06-08 23:39
Chris T wrote:
> Will shortly be deploying first iteration of app to some beta testers
> (i.e. friends), and want them to be able see it both from logged-in view
> and guest (i.e. not logged-in) view. The two are a fair bit different.
> It's a closed beta, so (hopefully) no pages (other than a blank login
> page) will be visible.
>
> The question is, what's the best way for them to be able to see (and
> test) the app in guest mode. Have two layers of auth (the app's and an
> external one), set up a group role that simulates guest access (not wild
> about this since it will mean changing the ACL setup after it's done).
>
> Any other ideas, opinions?

No-one?
Trevor S. (Guest)
on 2006-06-08 23:57
(Received via mailing list)
On 8-Jun-06, at 12:39 PM, Chris T wrote:

>> test) the app in guest mode. Have two layers of auth (the app's
>> and an
>> external one), set up a group role that simulates guest access
>> (not wild
>> about this since it will mean changing the ACL setup after it's
>> done).
>>
>> Any other ideas, opinions?
>
> No-one?
>

Hi Chris,

it's kind of a vague question that requires an answer specific to
your code :-)

Have you considered using basic-auth at the webserver level to
protect access to the site as a whole with a beta-site access password?

Regards,
Trevor

--
Trevor S.
http://somethinglearned.com
Chris T (Guest)
on 2006-06-09 01:59
(Received via mailing list)
Trevor S. wrote:
>>> The question is, what's the best way for them to be able to see (and
> Hi Chris,
>
> it's kind of a vague question that requires an answer specific to your
> code :-)
>
> Have you considered using basic-auth at the webserver level to protect
> access to the site as a whole with a beta-site access password?
>
> Regards,
> Trevor
Yup, that's what I was thinking of when I said two layers of auth. Not
terribly elegant or pretty though. I guess I just put the htdigest file
in the public directory?
Trevor S. (Guest)
on 2006-06-09 02:30
(Received via mailing list)
On 8-Jun-06, at 2:56 PM, Chris T wrote:
>> Trevor
> Yup, that's what I was thinking of when I said two layers of auth.
> Not terribly elegant or pretty though. I guess I just put the
> htdigest file in the public directory?
>

Well, it's been *years* since I did basic-auth so I can't say off the
top of my head - likely it'll be specific to your webserver.

Regards,
Trevor
--
Trevor S.
http://somethinglearned.com
Zack C. (Guest)
on 2006-06-09 02:36
(Received via mailing list)
Chris,

I recently had a similar situation and solved it simply this way.
Basically it's just another filter layer that

--- [ environment.rb ] ---

module YOUR_APP
  PREVIEW_KEY = 'your_app_007'
end

--- [ application.rb ] ---

class ApplicationController < ActionController::Base

  def ensure_covertness
    return true if request.env['SERVER_NAME'].nil? ||
request.env['SERVER_NAME'].include?('localhost')
    if session[:preview_key] != YOUR_APP::PREVIEW_KEY
      redirect_to :controller => 'index', :action => 'preview' and
return false
    else
      true
    end
  end

end

--- [ index_controller.rb ] ---
class IndexController < ApplicationController

  before_filter :ensure_covertness, :except => :preview

  def preview
    if request.post? && params[:code] == YOUR_APP::PREVIEW_KEY
      session[:preview_key] = YOUR_APP::PREVIEW_KEY
      redirect_to :action => 'index'
    else
      render :layout => false
    end
  end

end


--- [ preview.rhtml ] ---

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitiona...
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Preview</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body style="text-align: center; margin-top:100px"
onLoad="document.forms[0].elements[0].focus();">

<%= start_form_tag  %>
  <%= password_field_tag 'code' %>
  <%= submit_tag 'Submit' %>
<%= end_form_tag %>

</body>
</html>


Now put this line in every controller as the first line or better yet
in a base PublicController (for your public pages) and
SecureController for those pages where the user must be logged in.

before_filter :ensure_covertness


Hope this helps,
Zack
This topic is locked and can not be replied to.