More efficient way to manage access control with restful_authentication?

Hi,

I’m using restful_authentication with the latest version of RoR.
There are some actions that a user can only access if he is logged
in. So I’m putting this check in my code:

    def new
        if logged_in?
            @user = User.find(session[:user_id])
            @ec_order = EcOrder.new
            1.times { @ec_order.ec_line_items.build }
        else
            flash[:notice] = "You must be logged in to access this page."
            redirect_to :controller => "register", :action => "start"
        end
    end

I am repeatedly including this “if logged_in?” action in many actions,
and in some cases every action in a controller has this. What’s a
better way to do this?

Thanks, - Dave

On Feb 4, 2008 1:35 PM, [email protected]
[email protected] wrote:

            @ec_order = EcOrder.new

and in some cases every action in a controller has this. What’s a
better way to do this?

If you’re using the login_required before_filter, you can override
#authorized? to determine what actions that user can access. Just
return false if they don’t have access and it’ll trigger the
access_denied method.


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

I can’t see that I’m using the login_required before_filter, but that
sounds like the answer. How do I activate that? - Dave

Try something like this in your controller:

If you don't need the exceptions, just drop them.

    before_filter :login_required, :except => :show

You can also put it in your application controller (without
the :except part), just make sure you skip this rule in the
controllers that you need to actually login.

    skip_before_filter :login_required

Good luck!
Ger Apeldoorn.
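The two replies above, put together as an added example (not code from the thread or from the restful_authentication plugin): a plain-Ruby model of the filter chain, so it runs without Rails, showing the per-controller :except form, the deny-by-default filter in the application controller with an explicit skip for the login page, and an authorized? override. MiniController, AdminController and the :admin session key are hypothetical names; the other method names follow the ones mentioned in the thread.

```ruby
# Plain-Ruby model of a Rails 2-style filter chain (constructed for illustration).
class MiniController
  class << self
    def filters
      @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
    end
    def before_filter(name, opts = {})
      filters << [name, Array(opts[:except]).map(&:to_s)]
    end
    def skip_before_filter(name)
      filters.reject! { |filter, _| filter == name }
    end
  end

  def initialize(session = {}); @session = session; end

  # Run each filter, then the action; a filter that returns false halts the chain.
  def process(action)
    self.class.filters.each do |name, except|
      next if except.include?(action.to_s)
      return @halted_with if send(name) == false
    end
    send(action)
  end

  def logged_in?;     !@session[:user_id].nil?; end
  def authorized?;    logged_in?; end              # default: any logged-in user
  def access_denied;  @halted_with = :redirect_to_login; false; end
  def login_required; authorized? || access_denied; end
end

class EcOrdersController < MiniController         # per-controller form with an exception
  before_filter :login_required, :except => :show
  def new;  :new_order_form; end                  # no "if logged_in?" inside the action
  def show; :order_page; end
end

class ApplicationController < MiniController
  before_filter :login_required                   # deny by default for every subclass
end

class RegisterController < ApplicationController
  skip_before_filter :login_required              # the login page must stay reachable
  def start; :login_form; end
end

class AdminController < ApplicationController     # hypothetical: stricter authorized?
  def authorized?; logged_in? && @session[:admin] == true; end
  def index; :admin_dashboard; end
end
```

With the filter declared once in the application controller, a newly added action is protected unless a controller explicitly opts out, which is the failure mode the repeated per-action check leaves open.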

On Feb 5, 2:41 am, “[email protected]