How to password protect CRUD pages

Hi all,

I’m in the process of working through my first rails app and had a
general security question. For simplicity’s sake, let’s say I’ve got
an Article object with all of the scaffolding-generated files
(article.rb, articles_controller.rb and all of the list/edit/new/etc
views).

For obvious security reasons, I need to make sure all of these views
are only accessible to admins, since they all have links to add/edit/
delete the articles.

I’ve also created two additional views which basically mirror the list
and show views…the only difference being there are no add/edit/
delete links…everything is just read-only. These will be the public-
facing views.

My question is basically, how do I structure my application so that
any view and/or controller action that modifies the database is
password protected, while any “read-only” view that I’ve created is
accessible to the general public?

Thanks in advance for your help!

-Brian

Check out restful_authentication, and you can use before_filters to keep
out the unwanted, like:

before_filter :login_required, :except => [:index, :show]

You don’t have to log in to see the list, or look at a single item

and you can use the logged_in? method to protect your edit/destroy links
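To make the advice above concrete, here is an added example (not code from the reply author, and not the restful_authentication plugin itself) that models the before_filter / :except mechanism in plain Ruby so it can be run outside a Rails app. MiniController, process, action_links and the publish action are assumed names for the illustration; the filter declaration itself is the one quoted in the reply.

```ruby
# Constructed stand-in for a Rails controller base class: it records
# before_filter declarations and runs them before dispatching an action.
class MiniController
  @filters = []

  class << self
    attr_reader :filters

    # Each subclass starts with a copy of its parent's filter chain.
    def inherited(sub)
      sub.instance_variable_set(:@filters, filters.dup)
      super
    end

    # :only is an allow-list of actions, :except a deny-list (the Rails semantics).
    def before_filter(name, only: nil, except: nil)
      @filters << { name: name,
                    only: only && Array(only).map(&:to_sym),
                    except: except && Array(except).map(&:to_sym) }
    end
  end

  attr_reader :redirected_to

  # session behaves like Rails' session hash; a :user_id means "logged in".
  def initialize(session = {})
    @session = session
    @redirected_to = nil
  end

  def logged_in?
    !@session[:user_id].nil?
  end

  # Mirrors what restful_authentication's login_required does:
  # let the request through if a user is present, otherwise send
  # them to the login page and halt the filter chain.
  def login_required
    return true if logged_in?
    @redirected_to = '/login'
    false
  end

  # Dispatch an action, running every applicable before filter first.
  def process(action)
    action = action.to_sym
    self.class.filters.each do |f|
      next if f[:only] && !f[:only].include?(action)
      next if f[:except] && f[:except].include?(action)
      return :halted unless send(f[:name])
    end
    send(action)
  end
end

class ArticlesController < MiniController
  # The filter from the reply: everything except index and show needs a login.
  before_filter :login_required, :except => [:index, :show]

  def index;   :rendered_index; end
  def show;    :rendered_show;  end
  def new;     :rendered_new;   end
  def create;  :created;        end
  def edit;    :rendered_edit;  end
  def update;  :updated;        end
  def destroy; :destroyed;      end

  # An action added later (assumed for the example). Because :except is a
  # deny-list, it is protected automatically; with :only it would not be.
  def publish; :published; end

  # View helper in the spirit of the reply: only emit edit/destroy links
  # when logged_in? is true. This hides the links; the filter above is
  # what actually stops an anonymous user who types the URL by hand.
  def action_links(article_id)
    return [] unless logged_in?
    ["/articles/#{article_id}/edit", "/articles/#{article_id} (DELETE)"]
  end
end

if __FILE__ == $PROGRAM_NAME
  anon  = ArticlesController.new
  admin = ArticlesController.new(user_id: 1)
  puts "anon index:    #{anon.process(:index)}"
  puts "anon edit:     #{anon.process(:edit)} (redirected to #{anon.redirected_to})"
  puts "anon publish:  #{anon.process(:publish)}"
  puts "admin destroy: #{admin.process(:destroy)}"
  puts "admin links:   #{admin.action_links(1).inspect}"
end
```

The point worth taking from running it: the :except form leaves only the two read-only actions open and closes everything else, including actions you add months later, which is why it is the safer default for a controller that modifies data. Hiding the edit/destroy links with logged_in? keeps the public pages tidy, but the before_filter is the control that is enforced server-side.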

Excellent, thanks for the advice!