Handling a failed login - doesn't seem to work

Hi all,

I’m having a problem with a piece of code that should be handling a
failed login attempt.

I have created a before filter in a controller called
StoryController, that should only be applied for the new method:

#code
before_filter :login_required, :only => new
#code

login_required is defined in my ApplicationController:

#code
def login_required
  # if logged_in is true, then just exit
  return true if logged_in?
  # otherwise, store the user's request url so we can come back later
  session[:return_to] = request.request_uri
  # redirect the user back to the login page and return false
  redirect_to :controller => "/account", :action => "login" and return false
end
#code

and logged_in is also defined, as a helper method, in my
ApplicationController:

#code
def logged_in?
  ! @current_user.blank?
end
helper_method :logged_in?
#code

Finally, @current_user is set in the ApplicationController too, with
the help of another before filter called fetch_logged_in_user:

#code
before_filter :fetch_logged_in_user
protected
def fetch_logged_in_user
  # if there is no current user, just exit the method and return
  return if session[:user_id].blank?
  # otherwise fetch a User object with an id that is equal to the
  # id stored in the session container
  # and assign it to the @current_user instance variable
  @current_user = User.find_by_id(session[:user_id])
end
#code

Anyway, this all seems to make a certain amount of sense to me.
@current_user is being set for every page load: a further check for
the current logged-in user is made when someone attempts to create a
new story, and if there is no logged-in user then the application
redirects to a login page. If I read things correctly, since the
filter returns false then the current controller method (new) should
just exit, so no story should get created. Sadly, that is not what
happens in practice. Instead, the story submission works regardless
of whether or not there is a logged-in user. The only difference is
that if a user has logged in then their user_id is stored in the
story table, and otherwise a NULL is stored in the relevant column.

It appears to me that the login_required filter is not being applied,
but I cannot understand why it is not. Can anyone help enlighten me?
BTW I am not a hugely experienced Rails programmer and this code is
from a book (Build your own RoR Web Applications by Patrick Lenz):
I’ve checked my code against the book and the code archive.

Any help much appreciated.
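
Added example, not part of the original post and not Rails code: a minimal model of a filter chain showing how a `before_filter` whose `:only` value does not name an action is silently skipped, together with an audit (`dead_filters`) that flags such a filter. `MiniController`, `process`, `dead_filters` and the two story classes are hypothetical, and matching `:only` entries to the action by string name is an assumption of this model.

```ruby
# Simplified stand-in for a controller filter chain (hypothetical, not Rails code).
class MiniController
  def self.filters
    @filters ||= []
  end

  # Assumption of this model: :only entries are matched to the action by name.
  def self.before_filter(name, options = {})
    only = options.key?(:only) ? Array(options[:only]).map(&:to_s) : nil
    filters << [name, only]
  end

  # Audit: filters whose :only list names no public action can never run.
  def self.dead_filters
    actions = public_instance_methods(false).map(&:to_s)
    filters.select { |_, only| only && (only & actions).empty? }.map(&:first)
  end

  attr_reader :session, :redirected_to
  def initialize(session = {})
    @session = session
  end

  # Dispatch: a filter returning false halts the request before the action.
  def process(action)
    self.class.filters.each do |name, only|
      next if only && !only.include?(action.to_s)
      return :halted if send(name) == false
    end
    send(action)
  end

  private
  def login_required
    return true unless session[:user_id].nil?  # nil? stands in for blank?
    @redirected_to = "/account/login"
    false
  end
end

class MiswiredStories < MiniController
  before_filter :login_required, :only => new  # bare `new` builds an instance
  def new; :story_form; end
end

class WiredStories < MiniController
  before_filter :login_required, :only => :new # symbol names the action
  def new; :story_form; end
end
```

Running `dead_filters` over every controller in a test suite, alongside a test that an anonymous request to each protected action is halted, catches a login check that is declared but never applied.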