The example doesn’t work as described for me; not sure if I haven’t
followed it right, or there’s a problem with the code. Can someone
help me to determine what the problem is.
Specifically, after adding the authentication code to the
PostsController, with this line:
before_filter :authenticate, :except => [:index, :show]
The guide says that “we want the user to be authenticated on every
action, except for index and show”, however, it only authenticates on
the new post and edit options; it doesn’t authenticate on destroy.
Sincere thanks in advance to anyone who can help shed light on this
issue!
Here’s my code:
class ApplicationController < ActionController::Base
protect_from_forgery
private
def authenticate
authenticate_or_request_with_http_basic do |user_name, password|
user_name == ‘admin’ && password == ‘password’
end
end
end
class PostsController < ApplicationController
before_filter :authenticate, :except => [:index, :show]
GET /posts
GET /posts.xml
def index
@posts = Post.all
respond_to do |format|
format.html # index.html.erb
format.xml { render :xml => @posts }
end
end
GET /posts/1
GET /posts/1.xml
def show
@post = Post.find(params[:id])
respond_to do |format|
format.html # show.html.erb
format.xml { render :xml => @post }
end
end
GET /posts/new
GET /posts/new.xml
def new
@post = Post.new
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @post }
end
end
GET /posts/1/edit
def edit
@post = Post.find(params[:id])
end
POST /posts
POST /posts.xml
def create
@post = Post.new(params[:post])
respond_to do |format|
if @post.save
format.html { redirect_to(@post, :notice => 'Post was
successfully created.’) }
format.xml { render :xml => @post, :status
=> :created, :location => @post }
else
format.html { render :action => “new” }
format.xml { render :xml => @post.errors, :status
=> :unprocessable_entity }
end
end
end
PUT /posts/1
PUT /posts/1.xml
def update
@post = Post.find(params[:id])
respond_to do |format|
if @post.update_attributes(params[:post])
format.html { redirect_to(@post, :notice => 'Post was
successfully updated.’) }
format.xml { head :ok }
else
format.html { render :action => “edit” }
format.xml { render :xml => @post.errors, :status
=> :unprocessable_entity }
end
end
end
DELETE /posts/1
DELETE /posts/1.xml
def destroy
@post = Post.find(params[:id])
@post.destroy
respond_to do |format|
format.html { redirect_to(posts_url) }
format.xml { head :ok }
end
end
end