laredotornado-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org
2008-Feb-04 21:35 UTC
More efficient way to manage access control with restful_authentication?
Hi,

I'm using restful_authentication with the latest version of RoR. There are some actions that a user can only access if he is logged in. So I'm putting this check in my code:

    def new
      if logged_in?
        @user = User.find(session[:user_id])
        @ec_order = EcOrder.new
        1.times { @ec_order.ec_line_items.build }
      else
        flash[:notice] = "You must be logged in to access this page."
        redirect_to :controller => "register", :action => "start"
      end
    end

I am repeatedly including this "if logged_in?" action in many actions, and in some cases every action in a controller has this. What's a better way to do this?

Thanks, - Dave

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
Rick Olson
2008-Feb-04 23:58 UTC
Re: More efficient way to manage access control with restful_authentication?
On Feb 4, 2008 1:35 PM, laredotornado-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org <laredotornado-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org> wrote:
>
> Hi,
>
> I'm using restful_authentication with the latest version of RoR.
> There are some actions that a user can only access if he is logged
> in. So I'm putting this check in my code:
>
>     def new
>       if logged_in?
>         @user = User.find(session[:user_id])
>         @ec_order = EcOrder.new
>         1.times { @ec_order.ec_line_items.build }
>       else
>         flash[:notice] = "You must be logged in to access this page."
>         redirect_to :controller => "register", :action => "start"
>       end
>     end
>
> I am repeatedly including this "if logged_in?" action in many actions,
> and in some cases every action in a controller has this. What's a
> better way to do this?
>

If you're using the login_required before_filter, you can override #authorized? to determine what actions that user can access. Just return false if they don't have access and it'll trigger the access_denied method.

--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
laredotornado-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org
2008-Feb-05 01:41 UTC
Re: More efficient way to manage access control with restful_authentication?
I can't see that I'm using the login_required before_filter, but that sounds like the answer. How do I activate that? - Dave

On Feb 4, 5:58 pm, "Rick Olson" <technowee...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> On Feb 4, 2008 1:35 PM, laredotorn...-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org
> <laredotorn...-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org> wrote:
>
> > Hi,
> >
> > I'm using restful_authentication with the latest version of RoR.
> > There are some actions that a user can only access if he is logged
> > in. So I'm putting this check in my code:
> >
> >     def new
> >       if logged_in?
> >         @user = User.find(session[:user_id])
> >         @ec_order = EcOrder.new
> >         1.times { @ec_order.ec_line_items.build }
> >       else
> >         flash[:notice] = "You must be logged in to access this page."
> >         redirect_to :controller => "register", :action => "start"
> >       end
> >     end
> >
> > I am repeatedly including this "if logged_in?" action in many actions,
> > and in some cases every action in a controller has this. What's a
> > better way to do this?
>
> If you're using the login_required before_filter, you can override
> #authorized? to determine what actions that user can access. Just
> return false if they don't have access and it'll trigger the
> access_denied method.
>
> --
> Rick Olson
> http://lighthouseapp.com
> http://weblog.techno-weenie.net
> http://mephistoblog.com
Vorik
2008-Feb-05 13:36 UTC
Re: More efficient way to manage access control with restful_authentication?
Try something like this in your controller: If you don't need the exceptions, just drop them.

    before_filter :login_required, :except => :show

You can also put it in your application controller (without the :except part), just make sure you skip this rule in the controllers that you need to actually login.

    skip_before_filter :login_required

Good luck!
Ger Apeldoorn.

On Feb 5, 2:41 am, "laredotorn...-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org" <laredotorn...-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org> wrote:
> I can't see that I'm using the login_required before_filter, but that
> sounds like the answer. How do I activate that? - Dave
>
> On Feb 4, 5:58 pm, "Rick Olson" <technowee...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> > On Feb 4, 2008 1:35 PM, laredotorn...-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org
> > <laredotorn...-8iDLEspWrrZBDgjK7y7TUQ@public.gmane.org> wrote:
> >
> > > Hi,
> > >
> > > I'm using restful_authentication with the latest version of RoR.
> > > There are some actions that a user can only access if he is logged
> > > in. So I'm putting this check in my code:
> > >
> > >     def new
> > >       if logged_in?
> > >         @user = User.find(session[:user_id])
> > >         @ec_order = EcOrder.new
> > >         1.times { @ec_order.ec_line_items.build }
> > >       else
> > >         flash[:notice] = "You must be logged in to access this page."
> > >         redirect_to :controller => "register", :action => "start"
> > >       end
> > >     end
> > >
> > > I am repeatedly including this "if logged_in?" action in many actions,
> > > and in some cases every action in a controller has this. What's a
> > > better way to do this?
> >
> > If you're using the login_required before_filter, you can override
> > #authorized? to determine what actions that user can access. Just
> > return false if they don't have access and it'll trigger the
> > access_denied method.
> >
> > --
> > Rick Olson
> > http://lighthouseapp.com
> > http://weblog.techno-weenie.net
> > http://mephist...
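
The approach from the two replies above (a login_required before_filter, an overridden authorized?, and skip_before_filter for public controllers), as an added plain-Ruby example that is not part of the original thread and is not restful_authentication's own code. MiniController, its filter bookkeeping, the two controller subclasses and the admin-only destroy rule are assumptions made for this sketch.

```ruby
# Plain-Ruby model of a Rails 2-style before_filter chain; runs without Rails.
# MiniController and both subclasses are hypothetical names for this sketch.
class MiniController
  # Each class starts from a copy of its parent's filter list.
  def self.filters
    @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
  end
  def self.before_filter(name, opts = {})
    filters << [name, Array(opts[:except])]
  end
  def self.skip_before_filter(name)
    filters.reject! { |n, _| n == name }
  end

  attr_reader :session, :action_name, :result
  def initialize(session = {}); @session = session; end

  # Filters run before the action; one returning false halts the request.
  def process(action)
    @action_name = action
    self.class.filters.each do |name, except|
      next if except.include?(action)
      return @result if send(name) == false
    end
    @result = send(action)
  end

  def logged_in?; !session[:user_id].nil?; end
  def authorized?; logged_in?; end   # override for per-action rules
  def login_required; authorized? || access_denied; end
  def access_denied
    @result = "redirect_to /register/start"
    false
  end

  before_filter :login_required      # default: every action needs a login
end

class OrdersController < MiniController
  def new; "order form"; end
  def destroy; "order deleted"; end
  def authorized?                    # constructed rule: only admins destroy
    logged_in? && (action_name != :destroy || session[:admin] == true)
  end
end

class RegisterController < MiniController
  skip_before_filter :login_required # the login page itself stays public
  def start; "login form"; end
end
```

Registering the filter once in the base class means a newly added controller is protected unless it opts out explicitly, which is the safer default compared with repeating the check in each action.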