Hi,
I’m using restful_authentication with the latest version of RoR.
There are some actions that a user can only access if he is logged
in. So I’m putting this check in my code:
def new
if logged_in?
@user = User.find(session[:user_id])
@ec_order = EcOrder.new
1.times { @ec_order.ec_line_items.build }
else
flash[:notice] = "You must be logged in to access this
page."
redirect_to :controller => “register”, :action =>
“start”
end
end
I am repeatedly including this “if logged_in?” action in many actions,
and in some cases every action in a controller has this. What’s a
better way to do this?
Thanks, - Dave
On Feb 4, 2008 1:35 PM, [email protected]
[email protected] wrote:
@ec_order = EcOrder.new
and in some cases every action in a controller has this. What’s a
better way to do this?
If you’re using the login_required before_filter, you can override
#authorized? to determine what actions that user can access. Just
return false if they don’t have access and it’ll trigger the
access_denied method.
–
Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
I can’t see that I’m using the login_required before_filter, but that
sounds like the answer. How do I activate that? - Dave
Try something like this in your controller:
If you dont need the exceptions, just drop them.
before_filter :login_required, :except => :show
You can also put it in your application controller (without
the :except part), just make sure you skip this rule in the
controllers that you need to actually login.
skip_before_filter :login_required
Good luck!
Ger Apeldoorn.
On Feb 5, 2:41 am, “[email protected]”