A handful of basic Rails questions

Alright, I’ve been programming with Rails for a little while now, and I really like what I see. I made a simple application for our clients that need to be able to view their personal and contact information, the ports they’re buying through our ISP, and communicate back and forth with us.

The thing is - the application is pretty messy because I have been hired as a new programmer (virtually NO programming experience, save slight experience with PHP, C++, and HTML/CSS/JavaScript, and I do mean slight experience) and have had no formal training, so I’m having to learn everything by myself on the fly.

The application I wrote runs entirely off of one controller. The port tracking, the communications and messaging, the login and sessions; all of it, one controller. From what I’ve read and seen about Rails, though, this is entirely not the way to do it. The application definitely works, but I don’t like how it’s done. I’m just glad my first real app works, though!

I have another application I’m working on right now and I’m barely getting my feet wet with Ajax and I’ve recently discovered the joys of using partials. I’m ready to create an authentication system for this application, and I want some users to be able to access certain parts of the app and not others.

If I create a login controller, will the authentication and session information carry over into other controllers? And what is the most graceful way to have most actions inaccessible until authenticated, without having to include something like

redirect_to "/login/" if !session[:userID]

at the top of each action I want protected? (That’s how my first application does it, and I don’t like it.)

Thanks,
David

And what is the most graceful way to have most actions inaccessible until authenticated, without having to include something like

redirect_to "/login/" if !session[:userID]

at the top of each action I want protected?

Filters are what you want.

class AccountController < ApplicationController
  # Run authenticate before every action in this controller except the listed ones.
  before_filter :authenticate, :except => [:my_unprotected_action]

  def my_unprotected_action
  end
end

The filter method can be any method accessible from the controller. In
this case, an authenticate method would probably need to be available to
all controllers. As such you’d define it in the application controller:

class ApplicationController < ActionController::Base
  # A before filter that redirects halts the chain, so the protected
  # action never runs for a request without a logged-in user.
  def authenticate
    if !session[:user_id]
      redirect_to :controller => 'user', :action => 'login'
    end
  end
end

Best thing you can do is get hold of the ‘Agile…V2’ book:
http://www.pragmaticprogrammer.com/title/rails/. It’s a great book
that’ll get you started with all the Rails concepts and best practices.

Hope that helps!

Steve

This is a great way to employ a before_filter. For example:

before_filter :require_authorization, :except => [:login, :list, :show]

Or something like that. There are several authorization and authentication plugins. I’m using login engine/user engine, but if you want to understand how this works, read the Role Based Authentication recipe in Chad Fowler’s “Rails Recipes.”

HTH

You might want to take a look at the login engine.

http://www.rails-engines.org/login_engine/
http://api.rails-engines.org/login_engine/

Chris

Sam Livingston-Gray wrote:

(If you don’t know how inheritance works, go look it up; it’s part of
the magic of ActiveRecord.)

Actually, it’s part of the magic of Ruby, and ActiveRecord isn’t part of
the controllers at all.


Ola B. (http://ola-bini.blogspot.com)
JvYAML, RbYAML, JRuby and Jatha contributor
System Developer, Karolinska Institutet (http://www.ki.se)
OLogix Consulting (http://www.ologix.com)

“Yields falsehood when quined” yields falsehood when quined.

If I create a login controller, will the authentication and session
information carry over into other controllers?

Yes; everything in session is accessible to all controllers for as long
as the user’s session is alive. You can take advantage of this to log
people out if their last request was longer than 20 minutes ago, for
example. As already mentioned, before filters are definitely the way to
go here.

Also keep in mind that any methods you put in the ApplicationController
class will be inherited by all controllers, so you can put your
before_filter call there to automatically protect everything, then
override it in, say, the login controller so that the login action
doesn’t require login (which would be a problem).

(If you don’t know how inheritance works, go look it up; it’s part of
the magic of ActiveRecord.)

It’s well worth dropping the cash on the three Pragmatic titles
(Programming Ruby, AWDwR, and Rails Recipes). The tutorial in AWDwR
offers good exposure to most of the Rails concepts.

-Sam
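The behaviour Steve’s code and Sam’s reply describe (a before_filter inherited from ApplicationController, exempted only for the login action, plus the 20-minute idle timeout) as an added, runnable example; it is not code from the thread or from Rails. The BaseController below is a hypothetical stand-in for the Rails filter machinery so the code runs in plain Ruby; the "/login/" path, the 20-minute figure and the ports use case are taken from the thread.

```ruby
# Added example, not code from the thread or from Rails: a tiny stand-in for the
# Rails filter chain so the inheritance and skip behaviour runs without Rails.
# BaseController is hypothetical; "/login/" and the 20-minute timeout come from the thread.
class BaseController
  SESSION_TIMEOUT = 20 * 60 # seconds
  attr_reader :session
  # Each subclass starts with a copy of its parent's filters, which is why a
  # before_filter declared in ApplicationController applies to every controller.
  def self.inherited(sub); sub.instance_variable_set(:@filters, filters.dup); super; end
  def self.filters; @filters ||= []; end
  def self.before_filter(name, opts = {}); filters << [name, Array(opts[:except])]; end
  # Lets a subclass exempt actions (e.g. login) from an inherited filter.
  def self.skip_before_filter(name, opts = {})
    filters.map! { |n, ex| n == name ? [n, ex + Array(opts[:only])] : [n, ex] }
  end
  def initialize(session, now = Time.now); @session, @now, @redirected_to = session, now, nil; end
  def redirect_to(path); @redirected_to = path; end
  # Rails rule: a before filter that redirects halts the chain, so the action never
  # runs. Returns the redirect path when halted, otherwise the action's result.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action)
      send(name)
      return @redirected_to if @redirected_to
    end
    send(action)
  end
end

class ApplicationController < BaseController
  before_filter :authenticate
  # Logged in and seen within the last 20 minutes: refresh the timestamp and continue.
  # Otherwise drop whatever is in the session and send the user to the login form.
  def authenticate
    seen = session[:last_request_at]
    return session[:last_request_at] = @now if session[:user_id] && seen && @now - seen <= SESSION_TIMEOUT
    session.clear
    redirect_to '/login/'
  end
end

class PortsController < ApplicationController
  def index; "ports for user #{session[:user_id]}"; end
end

class LoginController < ApplicationController
  skip_before_filter :authenticate, :only => [:login] # the login form must stay reachable
  def login;  "login form"; end
  def logout; session.clear; "logged out"; end
end
```

Sessions here are plain hashes standing in for Rails' session store; the same hash object is what a filter clears on timeout.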

On 7/14/06, David R. [email protected] wrote:

The application I wrote runs entirely off of one controller. The port
tracking, the communications and messaging, the login and sessions; all of
it, one controller. From what I’ve read and seen about Rails, though, this
is entirely not the way to do it.

As an aside, if one controller gets the job done, that’s fine-- you’ve done good! Don’t buy into dogma about how it’s ‘supposed’ to be done. Usually the best solution is the easiest one. That seems to be especially true in Ruby. If your code is feeling overly complicated to you when doing Ruby, you’re doing something wrong. Step back and reconsider your approach :)

The application definitely works, but I don’t like how it’s done. I’m just glad my first real app works, though!

Now, that’s really what’s important isn’t it?

I have another application I’m working on right now and I’m barely getting
my feet wet with Ajax and I’ve recently discovered the joys of using
partials. I’m ready to create an authentication system for this
application, and I want some users to be able to access certain parts of the
app and not others.

Having two controllers will make this easier, as the others have suggested. Put all of the protected stuff in a separate controller that has some authentication scheme on it. I’ll second the recommendation for Chad Fowler’s Rails Recipes. He demystifies authentication and login controllers nicely.

Howard

I’m ready to create an authentication system for this application, and I want some users to be able to access certain parts of the app and not others.

I don’t know much about your requirements for authentication, but if
you want your authenticated users to have different levels of access
to your application, you are getting into authorization as well. If
you do get Rails Recipes (highly recommended) the recipe after
authentication is about authorization.

BTW, if you really want to grok this stuff, Rails Recipes is great,
but it’s high level. I also suggest:

Agile Web Development with Rails (more in depth with Rails)
Ruby for Rails (more in depth with Ruby, purpose-written for Rails developers)
Programming Ruby (the definitive Ruby book)

You’re in luck as a Ruby newbie; you have plenty of great
documentation resources.

Good luck with your app.

-TJ