Alright, I've been programming with Rails for a little while now, and I really like what I see. I made a simple application for our clients that need to be able to view their personal and contact information, the ports they're buying through our ISP, and communicate back and forth with us.

The thing is - the application is pretty messy because I have been hired as a new programmer (virtually NO programming experience, save slight experience with PHP, C++, and HTML/CSS/JavaScript, and I do mean slight experience) and have had no formal training, so I'm having to learn everything by myself on the fly.

The application I wrote runs entirely off of one controller. The port tracking, the communications and messaging, the login and sessions; all of it, one controller. From what I've read and seen about Rails, though, this is entirely not the way to do it. The application definitely works, but I don't like how it's done. I'm just glad my first really app works, though!

I have another application I'm working on right now and I'm barely getting my feet wet with Ajax and I've recently discovered the joys of using partials. I'm ready to create an authentication system for this application, and I want some users to be able to access certain parts of the app and not others.

If I create a login controller, will the authentication and session information carry over into other controllers? And what is the most graceful way to have most actions inaccessible until authenticated, without having to include something like

    redirect_to "/login/" if !session[:userID]

at the top of each action I want protected? (That's how my first application does it, and I don't like it.)

Thanks,
David

> And what is the most
> graceful way to have most actions inaccessible until authenticated,
> without having to include something like
>
> redirect_to "/login/" if !session[:userID]
>
> at the top of each action I want protected?

Filters are what you want.

    class AccountController < ApplicationController
      # Runs before every action in this controller except the ones listed.
      before_filter :authenticate, :except => [:my_unprotected_action]

      def my_unprotected_action
      end
    end

The filter method can be any method accessible from the controller. In this case, an authenticate method would probably need to be available to all controllers. As such you'd define it in the application controller:

    class ApplicationController < ActionController::Base
      private  # keep the filter method from being reachable as an action

      def authenticate
        # Send anyone without a logged-in session to the login page.
        if !session[:user_id]
          redirect_to :controller => 'user', :action => 'login'
        end
      end
    end

Best thing you can do is get hold of the 'Agile..V2' book: http://www.pragmaticprogrammer.com/title/rails/. It's a great book that'll get you started with all the Rails concepts and best practices.

Hope that helps!

Steve

This is a great way to employ a before_filter. For example:

    before_filter :require_authorization, :except => [:login, :list, :show]

Or something like that.

There are several authorization and authentication plugins. I'm using login engine/user engine, but if you want to understand how this works, read the Role Based Authentication recipe in Chad Fowler's "Rails Recipes."

HTH

You might want to take a look at the login engine.

http://www.rails-engines.org/login_engine/
http://api.rails-engines.org/login_engine/

Chris

> If I create a login controller, will the authentication and session
> information carry over into other controllers?

Yes; everything in session is accessible to all controllers for as long as the user's session is alive. You can take advantage of this to log people out if their last request was longer than 20 minutes ago, for example.

As already mentioned, before filters are definitely the way to go here. Also keep in mind that any methods you put in the ApplicationController class will be inherited by all controllers, so you can put your before_filter call there to automatically protect everything, then override it in, say, the login controller so that the login action doesn't require login (which would be a problem). (If you don't know how inheritance works, go look it up; it's part of the magic of ActiveRecord.)

It's well worth dropping the cash on the three Pragmatic titles (Programming Ruby, AWDwR, and Rails Recipes). The tutorial in AWDwR offers good exposure to most of the Rails concepts.

-Sam
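
An added example, not from any message in this thread and not Rails' own code: the default-deny filter inherited from ApplicationController, exempted for the login action, combined with the 20-minute idle timeout mentioned above. `MiniController`, `LoginController`, `PortsController`, the `:last_seen` session key and the `/login` path are assumptions; `MiniController` is a stand-in for the framework base class so the block runs without Rails, and in it re-declaring a filter in a subclass replaces the inherited entry.

```ruby
# Stand-in for ActionController::Base (assumption) so this runs without Rails.
# It models only an inherited filter table and "a redirect halts the request".
class MiniController
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : {})
  end

  def self.before_filter(name, opts = {})
    filters[name] = Array(opts[:except]) # replaces any inherited entry
  end

  attr_reader :session, :redirected_to

  def initialize(session, now)
    @session, @now = session, now
  end

  def redirect_to(target)
    @redirected_to = target
  end

  def process(action)
    self.class.filters.each do |name, except|
      send(name) unless except.include?(action)
      return redirected_to if redirected_to # the action never runs
    end
    public_send(action) # private methods are not reachable as actions
  end
end

class ApplicationController < MiniController
  IDLE_LIMIT = 20 * 60 # seconds
  before_filter :authenticate # default deny for every inheriting controller

  private

  def authenticate
    last = session[:last_seen]
    if session[:user_id].nil? || last.nil? || @now - last > IDLE_LIMIT
      session.clear # a stale login is dropped, not just ignored
      redirect_to "/login"
    else
      session[:last_seen] = @now # activity resets the idle clock
    end
  end
end

class LoginController < ApplicationController # hypothetical controller
  before_filter :authenticate, :except => [:login] # keep the form reachable
  def login; "login form"; end
end

class PortsController < ApplicationController # hypothetical controller
  def list; "ports for user #{session[:user_id]}"; end
end
```

`PortsController` declares no filter of its own and is still protected, which is the point of putting the `before_filter` call in the shared parent.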

Sam Livingston-Gray wrote:
> (If you don't know how inheritance works, go look it up; it's part of
> the magic of ActiveRecord.)

Actually, it's part of the magic of Ruby, and ActiveRecord isn't part of the controllers at all.

--
Ola Bini (http://ola-bini.blogspot.com)
JvYAML, RbYAML, JRuby and Jatha contributor
System Developer, Karolinska Institutet (http://www.ki.se)
OLogix Consulting (http://www.ologix.com)

"Yields falsehood when quined" yields falsehood when quined.

On 7/14/06, David R. <davidr64@gmail.com> wrote:
> The application I wrote runs entirely off of one controller. The port
> tracking, the communications and messaging, the login and sessions; all of
> it, one controller. From what I've read and seen about Rails, though, this
> is entirely not the way to do it.

As an aside, if one controller gets the job done, that's fine -- you've done good! Don't buy into dogma about how it's 'supposed' to be done. Usually the _best_ solution is the easiest one. That seems to be especially true in Ruby. If your code is feeling overly complicated to you when doing Ruby, you're doing something wrong. Step back and reconsider your approach :)

> The application definitely works, but I don't like how it's done. I'm just
> glad my first really app works, though!

Now, that's really what's important, isn't it?

> I have another application I'm working on right now and I'm barely getting
> my feet wet with Ajax and I've recently discovered the joys of using
> partials. I'm ready to create an authentication system for this
> application, and I want some users to be able to access certain parts of the
> app and not others.

Having two controllers will make this easier, as the others have suggested. Put all of the protected stuff in a separate controller that has some authentication scheme on it.

I'll second the recommendation for Chad Fowler's Rails Recipes. He demystifies authentication and login controllers nicely.

Howard

> I'm ready to create an authentication system for this application, and I want some users
> to be able to access certain parts of the app and not others.

I don't know much about your requirements for authentication, but if you want your authenticated users to have different levels of access to your application, you are getting into authorization as well. If you do get Rails Recipes (highly recommended) the recipe after authentication is about authorization.

BTW, if you really want to grok this stuff, Rails Recipes is great, but it's high level. I also suggest:

Agile Web Development With Rails (more in depth with Rails)
Ruby for Rails (more in depth with Ruby, purpose-written for Rails developers)
Programming Ruby (the definitive Ruby book)

You're in luck as a Ruby newbie; you have plenty of great documentation resources. Good luck with your app.

-TJ