D''Andrew \"Dave\" Thompson
2005-Oct-04 01:00 UTC
SaltedLoginGen, User vs. App login require
I was wondering what the (dis)advantage might be for requiring login for the user controller vs. the application controller. Are their performance issues, or is there a best practice?>From the wiki (http://wiki.rubyonrails.org/rails/pages/SaltedLoginGeneratorQuickstart): *************************** You must require login in the user controller. One way to do this is to add the following line to (yourapp/app/controllers/user_controller.rb) before_filter :login_required Or, alternately, if you want to protect your entire application, you can add that same line to your ApplicationController<http://wiki.rubyonrails.com/rails/pages/ApplicationController>, making it unnecessary to specifically require login on the user controller. ***************************** Thanks -- ~~~~~~~~~~~~~~~~~~~ D''Andrew "Dave" Thompson http://dathompson.blogspot.com _______________________________________________ Rails mailing list Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org http://lists.rubyonrails.org/mailman/listinfo/rails
On Mon, Oct 03, 2005, D''Andrew Dave Thompson wrote:> I was wondering what the (dis)advantage might be for requiring login for the > user controller vs. the application controller. > > Are their performance issues, or is there a best practice?Well, really, you don''t need to do either. The SLG''s tests require that the user controller be protected, but it will work fine otherwise. That''s a questionable decision, though :) The question is this: do you need to protect most of your application or just certain controllers? If the entire app requires a login, it makes sense to put it in the application controller. If only one small section requires authentication, only protect that controller. Hope that helps :) Ben
D''Andrew "Dave" Thompson wrote:> I was wondering what the (dis)advantage might be for requiring login > for the user controller vs. the application controller. > > Are their performance issues, or is there a best practice? > > From the wiki > (http://wiki.rubyonrails.org/rails/pages/SaltedLoginGeneratorQuickstart): > > *************************** > > You must require login in the user controller. One way to do this is > to add the following line to > (|yourapp/app/controllers/user_controller.rb|) > >before_filter :login_required > > Or, alternately, if you want to protect your entire application, you > can add that same line to your ApplicationController > <http://wiki.rubyonrails.com/rails/pages/ApplicationController>, > making it unnecessary to specifically require login on the user > controller. >It depends on what you want to do in your application. If you intend to require every user that visits your site to login then it makes sense to catch every possible case with the before_filter in your application_controller.rb, but this may not be what you want to do. If you intend to allow anonymous users access to everything except your user pages, then you want the before_filter in the UserContoller. In the middle, the application that I am working on, factscollector, is going to allow both registered users and non-registered users. All users will be able to display the site''s content, but only registered users will be able to modify the content. I have this line in my current version of application_controller.rb before_filter :login_required, :except => [:index, :list, :show] -- Ray