I know this sounds like a really, really simple use case and I'm hoping that it is, but I swear I've looked all over the place and haven't found any mention of any way - not even the best way - of doing this.

I'm brand-spanking new to Ruby, Rails and everything surrounding either (which may explain a lot). The dummy app that I'm using as my learning tool requires authentication in order to do almost anything meaningful, so I chose to start by solving that problem. I've installed the AuthLogic gem and have it working nicely to the extent that is covered by the intro documentation and Railscast, but now that I can register, login and logout...I need to do something with it.

As an example, I need to create a page where users can upload images. I'm planning to have an ImagesController with an upload action method, but I want that only accessible to logged in users. I suppose that in every restricted action I could add code to redirect if there's no current_user, but that seems really verbose.

Is there a better way of doing this that allows me to define or identify restricted areas and handle the authentication check in one place?

+3  A: 

Make sure you have these methods in your application_controller.rb:

def current_user_session
  return @current_user_session if defined?(@current_user_session)
  @current_user_session = UserSession.find
end

def current_user
  return @current_user if defined?(@current_user)
  @current_user = current_user_session && current_user_session.record
end

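def require_user
  unless current_user
    # store_location is not a Rails built-in; it is a helper that must
    # also be defined in ApplicationController (not shown in this answer)
    store_location
    flash[:notice] = "You must be logged in to access this page"
    redirect_to new_user_session_url
    return false
  end
end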

Then in your controllers you can use a before filter to limit access to pages:

# Inherit from ApplicationController so that require_user is available
class ExamplesController < ApplicationController
  before_filter :require_user, :only => :private

  def public
    # some public stuff
  end

  def private
    # some protected stuff
  end
end
JimNeath
Thanks, Jim. I had to look a few things up and work my way through your additional method, but it worked perfectly. Thank you.
Rob Wilkerson
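
Added example (not part of the answers on this page, and a plain-Ruby model rather than Rails or Authlogic code): it contrasts the opt-in :only filter from the answer above with a default-deny filter declared on a base controller, so that an action added later stays protected unless it is explicitly exempted. The class names MiniController, OptInImages, SecureBase and DefaultDenyImages are hypothetical, and before_filter / skip_before_filter here only imitate the Rails methods of the same names.

```ruby
# Plain-Ruby model of a controller filter chain (constructed example, not Rails itself).
class MiniController
  class << self
    def filters
      @filters ||= (superclass.respond_to?(:filters) ? superclass.filters.dup : [])
    end

    def before_filter(name, opts = {})
      filters << { :name => name, :only => Array(opts[:only]), :except => Array(opts[:except]) }
    end

    # Exempts the actions in :only from an inherited filter (copy; parent untouched).
    def skip_before_filter(name, opts = {})
      filters.map! { |f| f[:name] == name ? f.merge(:except => f[:except] + Array(opts[:only])) : f }
    end
  end

  def initialize(current_user = nil)
    @current_user = current_user
  end

  # Runs every filter that applies to the action; a false return halts the request.
  def dispatch(action)
    self.class.filters.each do |f|
      next if f[:only].any? && !f[:only].include?(action)
      next if f[:except].include?(action)
      return :redirected_to_login if send(f[:name]) == false
    end
    public_send(action)
  end

  def require_user; !@current_user.nil?; end
  def index;   :index_rendered;  end
  def upload;  :upload_rendered; end
  def destroy; :destroyed;       end   # stands for an action added later
end

# Opt-in, as in the answer above: only the listed action is protected.
class OptInImages < MiniController
  before_filter :require_user, :only => :upload
end

# Default-deny: the base class protects everything; public actions opt out.
class SecureBase < MiniController
  before_filter :require_user
end
class DefaultDenyImages < SecureBase
  skip_before_filter :require_user, :only => :index
end
```

With the opt-in list, the later destroy action is reachable without a session until someone remembers to add it to :only; with the base-class filter it is protected from the start.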
A: 

before_filter is your friend here. You define a require_authentication function that returns false if there is no valid session and then set it up as a before_filter in the controllers and actions to your liking.

Take a look at the Authlogic Sample application, which defines some filters in the application_controller.rb and then uses them where needed (for example here, where you need to be logged in to destroy your account, and not logged in to create a new one).

pantulis
A: 

You will need to use a before_filter on your page so that only logged-in users can see it. If you want a running example of how Authlogic should be used (including the before_filter stuff), you can check out the Authlogic Example from Github.

Mike Trpcic
A: 

I know this is an old post but I am trying to do something similar. Here is what I need to do; hopefully I can get some assistance:

I am having a hard time trying to figure out how I can do the following:

In my application controller I have the following helpers:

filter_parameter_logging :password, :password_confirmation

helper_method :all

private
  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.user
  end

  def require_user
    unless current_user
      store_location
      flash[:notice] = "You must be logged in to access this page"
      redirect_to new_user_session_url
      return false
    end
  end

Now I want only users to be logged in to upload photos. So if they hit the upload link it takes them to a page, and the page tells them they have to be logged in to upload. Once they register or log in it takes them to another view that has the link for them to upload their picture.

Can someone tell me how I do this? I really appreciate your help.

Thanks in advance

about2flip
A: 

You have the entire code Gist available here at Github. It's roughly 360 lines of code, inclusive of steps.

http://gist.github.com/96556.txt

Shripad K