Forum: Ruby on Rails Unique URLs for authentication

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
A6c021edd83510e8b955fb9e20208ff5?d=identicon&s=25 Darren Jeacocke (dazonic)
on 2009-01-15 07:29
I've set up a route like this

map.connect 'confirm/:id/:full_name/', :controller => "users", :action
=> "confirm"

and I'm wondering what is the best way to verify in the confirm method.

full_name created in the model and it's not in the database.

This doesn't work because it doesn't parse one, then the other...

if @user = User.find(params[:id]) && @user.full_name ==
params[:full_name]
  # cool
else
  # bad
end

I want to do it the nice way, it doesn't seem right to nest a whole heap
of if statements. If you can help me out it'd be awesome, cheers!
9347d4d9f9c4272f6a3297ea3a5976ac?d=identicon&s=25 Kip Cole (kipcole9)
on 2009-01-15 09:56
(Received via mailing list)
Darren, a good design pattern that is useful for lots of models if
you're aiming for RESTfulness is to add a before_filter to your
controller.  So, if I understood your question correctly:

class UsersController < ApplicationController
  before_filter   :retrieve_user

  # Executed before every request if processed
  def retrieve_user
    @user = User.find(params[:id])
  end

  def confirm
    if @user.full_name == params[:full_name]
       head :ok
    else
       head :bad_request
    end
  end
end

Cheers, --Kip
9347d4d9f9c4272f6a3297ea3a5976ac?d=identicon&s=25 Kip Cole (kipcole9)
on 2009-01-15 10:02
(Received via mailing list)
Should have explained a little further, just in case.

> > This doesn't work because it doesn't parse one, then the other...
>
> > if @user = User.find(params[:id]) && @user.full_name ==
> > params[:full_name]

Ruby will check the predicated of an 'if' statement in the order you
type them
and will therefore work as you expect.  Except.....

A Model.find(id) will raise an exception if the id isn't found.  This
will, by default,
cause Rails to send your 404 page (not found) which is pretty cool
really.
Because you don't have to get fussed about worry about the case where
the id
is not found in your app logic.

Thats why the before_filter I suggested works too.  Your controller
action
code will only every get executed if the User.find(id) is successful
and you
just use the info retriieved.

Lastly, the pattern of /:controller/:id/:action is very common (and
how
RESTful resources work.  Which means your before filter is going to be
just
as useful for your CRUD actions as well.

Cheers, --Kip
A6c021edd83510e8b955fb9e20208ff5?d=identicon&s=25 Darren Jeacocke (dazonic)
on 2009-01-15 10:11
Awesome, thanks buddy. I'm still learning 'the rails way'. Good
solution.
This topic is locked and can not be replied to.