Rails guides - getting started - section 10 security

The example doesn’t work as described for me; not sure if I haven’t
followed it right, or there’s a problem with the code. Can someone
help me to determine what the problem is.

Specifically, after adding the authentication code to the
PostsController, with this line:

before_filter :authenticate, :except => [:index, :show]

The guide says that “we want the user to be authenticated on every
action, except for index and show”, however, it only authenticates on
the new post and edit options; it doesn’t authenticate on destroy.

Sincere thanks in advance to anyone who can help shed light on this
issue! :slight_smile:

Here’s my code:

class ApplicationController < ActionController::Base
protect_from_forgery
private

def authenticate
authenticate_or_request_with_http_basic do |user_name, password|
user_name == ‘admin’ && password == ‘password’
end
end
end


class PostsController < ApplicationController

before_filter :authenticate, :except => [:index, :show]

GET /posts

GET /posts.xml

def index
@posts = Post.all

respond_to do |format|
  format.html # index.html.erb
  format.xml  { render :xml => @posts }
end

end

GET /posts/1

GET /posts/1.xml

def show
@post = Post.find(params[:id])

respond_to do |format|
  format.html # show.html.erb
  format.xml  { render :xml => @post }
end

end

GET /posts/new

GET /posts/new.xml

def new
@post = Post.new

respond_to do |format|
  format.html # new.html.erb
  format.xml  { render :xml => @post }
end

end

GET /posts/1/edit

def edit
@post = Post.find(params[:id])
end

POST /posts

POST /posts.xml

def create
@post = Post.new(params[:post])

respond_to do |format|
  if @post.save
    format.html { redirect_to(@post, :notice => 'Post was

successfully created.’) }
format.xml { render :xml => @post, :status
=> :created, :location => @post }
else
format.html { render :action => “new” }
format.xml { render :xml => @post.errors, :status
=> :unprocessable_entity }
end
end
end

PUT /posts/1

PUT /posts/1.xml

def update
@post = Post.find(params[:id])

respond_to do |format|
  if @post.update_attributes(params[:post])
    format.html { redirect_to(@post, :notice => 'Post was

successfully updated.’) }
format.xml { head :ok }
else
format.html { render :action => “edit” }
format.xml { render :xml => @post.errors, :status
=> :unprocessable_entity }
end
end
end

DELETE /posts/1

DELETE /posts/1.xml

def destroy
@post = Post.find(params[:id])
@post.destroy

respond_to do |format|
  format.html { redirect_to(posts_url) }
  format.xml  { head :ok }
end

end
end

rails != ruby