Rails - Mar 2006 - How to restrict access to admin part of the page?

Hi!

What is the easiest way to restrict access to some part of the page?
In php i just put .htaccess and .htpasswd files in /admin folder and it 
worked.
Now i''ve got one admin folder for controllers, one for views, public 
folder and i''m not really sure if it''s still possible. So what
is the
easiest way? I don''t have any user logging features on my site, because
i don''t need them. I want only to restric access to admin area.

-- 
Posted via http://www.ruby-forum.com/.

On 3/9/06, szymek <g0nzo@o2.pl> wrote:
>
> I don''t have any user logging features on my site, because
> i don''t need them. I want only to restric access to admin area.
>
I''m not sure I follow you here. You want to restrict it to certain
users, so
it seems to me that you need some kind of user-tracking - or how do you know
who your user is?

In any case: I''d create (or copy) a login controller, then add a
before_filter to the controller for areas you want to restrict.


-- Joshua
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060309/08c72715/attachment.html

Well, you''re right, i wasn''t very clear about it.

On php sites i had separate folder admin for all administration pages. I 
just put there .htaccess and .htpasswd files which forced user to log to 
gain access to this folder and all pages within it. That''s it. I
didn''t
write any line of logging code (if i didn''t need it of course).

Is it possible to do the same - restrict access using just .htaccess and 
.htpasswd files instead of creating login controller and write a code?

-- 
Posted via http://www.ruby-forum.com/.

On 3/9/06, szymek <g0nzo@o2.pl> wrote:
> Well, you''re right, i wasn''t very clear about it.
>
> On php sites i had separate folder admin for all administration pages. I
> just put there .htaccess and .htpasswd files which forced user to log to
> gain access to this folder and all pages within it. That''s it. I
didn''t
> write any line of logging code (if i didn''t need it of course).
>
> Is it possible to do the same - restrict access using just .htaccess and
> .htpasswd files instead of creating login controller and write a code?
It''s outstandingly simple to add authentication to an existing Rails
app.  Check out acts_as_authenticated and/or LoginEngine for a couple
of the many options available.

http://wiki.rubyonrails.com/rails/pages/Acts_as_authenticated
http://rails-engines.org/login_engine


-- James

Thanks!

I''ll probably choose acts_as_authenticated as it looks simpler.

However it still would be much simpler to create 2 small files, than 
installing new plugin and creating new ''users'' table, which
will have
only 1 user :)

-- 
Posted via http://www.ruby-forum.com/.

On 3/9/06, szymek <g0nzo@o2.pl> wrote:
>
> However it still would be much simpler to create 2 small files, than
> installing new plugin and creating new ''users'' table,
which will have only 1
> user :)
>
1. In many cases, yes, but not all (especially shared) hosts allow .htaccess
files, even for authentication.

2. It''s not *necessary* to install a plugin, nor to create a users
table.
Those are alternatives to writing your own login controller.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060309/e302f71a/attachment.html

Maybe you''re right about writing my own very simple login controller.

It would be probably faster using ruby, than installing and configuring 
the plugin :)

Is it a huge security hole if i put username/(encoded)password inside my 
controller?

-- 
Posted via http://www.ruby-forum.com/.

On 3/9/06, szymek <g0nzo@o2.pl> wrote:
>
> Is it a huge security hole if i put username/(encoded)password inside my
> controller?
>
In general? I don''t think it''s a huge security hole.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060309/928b3fd7/attachment.html