I have a simple login scheme in application.rb. Something like
:requires_login is called in any controller as a before_filter. All is
good, except I’m having trouble figuring out how to make the public
login actions skip this before filter. Here’s what I have:
application.rb
skip_before_filter :requires_login, :only => [:login, :logout,
:confirm_valid_login]
my_controller.rb
before_filter :requires_login, :except => [:list, :show]
I can’t successfully pass authentication and what I believe is happening
is that all the right things are happening up till the point of
my_controller.rb, where the :except tells Rails to add all the actions
from application.rb back into the filter chain. I know if I invert the
logic in my_controller to an :only, the auth code in application.rb
works fine.
Q: At what point would the skip… in application.rb be called?
Q: Is there a best practice for doing something like this (other than
the obvious: use login_engine)?
Q: Is there a good place to read about this?
Thanks