If a user is not logged in, current_user will be nil. You will have to guard against that case. There's also something missing here. Regardless of what the method called by the filter returns, the action will always proceed. With the exception of a method that calls render or redirect in the filter.
Here is a working filter that does what you're trying to do, assuming you have a named route called denied.
require_role "company" ** This is working fine
before_filter :company_required
def company_required
redirect_to denied_url unless logged_in? && current_user.company_id == Company.find(params[:id])
end
You can add a route by adding the following to config/routes.rb before the default route block. You can use an existing controller or create a new one if you want. This is what I usually use:
map.denied '/denied', :controller => "home", :action => "denied"
As others have stated it looks like you're using Restful Authentication. You might find it helpful to take a look at documentation to better understand the login process. The short version is that a user will submit a form identifying them as a member of your application, to the sessions_controller which sets current_user. If you ran the generator you should access to the above mentioned logged_in? method.
sessions_controller and current_user may be something different in your application is you you gave the Restful Authentication generator differenet arguments.