all: prob a stupid question.. new to ruby/rails. I have a working ruby on rails app on my server. However, i don't provide authentication service. (login etc).. In my workplace, there is a centrally authenticated URL- if ppl go there first, they can get authenticated. i thought i will put my html start page in this centrally authenticated place(with a form and hidden param and redirect to my ruby on rails server). I however, want to prevent ppl directly using http://myServer/app/main So, in my main method, i do this def controller_main @user = @params['user'] if (@user == nil) redirect_to "http://goway.com" # basically send them to some no accesspl end end This looked good.. but the problem is: i have other methods like list def list # This lists all my data #here my check for @user always returns nil. Why? end Only main method gets access to the html hidden param 'user'. i dont know why storing it in @user does not work (i thought its instance variable).
on 2007-02-21 23:46
on 2007-02-21 23:59
madmax wrote: > all: > prob a stupid question.. new to ruby/rails. > > I however, want to prevent ppl directly using http://myServer/app/main > > So, > in my main method, i do this > def controller_main > @user = @params['user'] > if (@user == nil) > redirect_to "http://goway.com" # basically send them to some no > accesspl > end > end > > This looked good.. but the problem is: i have other methods like list > def list > # This lists all my data > #here my check for @user always returns nil. Why? > end You need a before_filter in you application.rb to ensure that this @user object gets created on every request. Instance variables in the controller only exist for the length of one request, and then die. #application.rb class ApplicationController < ActionController::Base before_filter :authenticate def authenticate @user = @params['user'] redirect_to login_url unless @user end end
on 2007-02-22 03:07
Thanks for your reply. It still does not work for me. It only works on access to my main page (since the html redirect is passing a hidden param). in the login server, my html page content is like this ------- <form name="form" action="http://myServer/app/main" method="post"> <input type="hidden" name="user" value="goodguy"> <p style="text-align: center;"> <input type="submit" value="Goto Library"> --------------------- once my main page is loaded - http://myServer/app/main , in that main.rhtml, i have link defined like below. <%= link_to "(Show all Books)", :controller => "app", :action => "list" %> now, clicking on link, redirects me to login page (even though i did come from that).. so the authenticate method stores the @user = @params['user'].. but it also seems to lose it
on 2007-02-25 17:55
the way i solved is using session[:user] = @params['user'] and in other methods i just use the value of session[:user]