Thanks all for the input.
The reason I’m putting the before_filter in the Application.rb is
simply that I want it to apply to all controllers. Since the purpose
is to check whether the user has a valid session before executing any
controller methods. I could move it to the Users controller but then I
would also need to put it in other controllers as well.
Right. The whole point of putting a before_filter call in application.rb
is so it automatically applies to all controllers that descend from
ApplicationController. I think where we are misunderstanding one another
is in the way you avoid the filter being run for a particular action in
a particular controller. What I’m understanding you to be saying is you
can specify, in application.rb, all of the actions to either include or
exclude regardless of the controller. So if I do this in application.rb
before_filter :login_required, :only => [:create, :update, :destroy]
then it would apply to :create, :update, and :destroy actions in any
controller. I have never understood it to work that way, but maybe it
does. Rather, my understanding is that if you specify :only or :except,
it will look in the “current” controller, that is, whichever one the
before_filter statement is found. So in my contrived case above, the
filter would actually never get called because you don’t have :create,
:update, :destroy actions in application.rb. On the other hand, in your
example where you have :except, it seems that it would always get called
because you don’t have the exceptions in your application.rb.
I certainly won’t be surprised to find out that my understanding is
wrong (I’m often wrong and have learned to accept it cheerfully), but I
will be surprised if that is actually how it works. It seems it would be
an extremely complicated way to go about things.
As for the skip_before_filter, the API docs say
You can control the actions to skip the filter for with the :only and
:except options, just like when you apply the filters.
so I assume you could do something like
skip_before_filter :login_required, :only => [:passwd_reset]
But as I said before, I have not made use of skip_before_filter, so I
might be blabbering on about something I shouldn’t be
Please don’t take this the wrong way, but I’m not sure I’d be satisfied
with your route “solution”. To have to put a bogus value on your route
to get it to work suggests to me that something else is amiss.