tags:

views:

49

answers:

3
+1  Q: 

Skipping authorization for certain methods

Per the Agile Development book, I have an Admin MVC that controls how users log in. In ApplicationController, I have a before_filter that checks for authorization. So, this will check that the user has logged in for every page.

The problem is that I want everyone to be able to access the new method, for example, in Users (that is, anyone should be able to create a new user -- naturally! Only admin users should have access to the other methods in UsersController such as edit, etc.). What's the best way to do that?

+2  A: 

You can either of this 

before_filter :except=>[:method_name]  #methods you want to skip filter

OR

before_filter :only=>[:method_name]    #methods you want to be filtered before called.

EDITED

before_filter :filter_method, :except=>[:method_name]  #methods you want to skip filter

OR

before_filter :filter_method, :only=>[:method_name]    #methods you want to be filtered before called.
Salil  2010-04-25 18:46:55
If this filter is specified in `ApplicationController` then it will only be applied to those methods in all child controllers as well.
John Topley  2010-04-25 18:52:59
@john before_filter :authorize, :except=>[:new, :create] in UsersController will also work.
Salil  2010-04-25 18:59:51
@John Nice..I haven't realized that haha.
jonasespelita  2010-04-26 00:44:25
+1  A: 
John Topley  2010-04-25 18:50:26
A: 

I would also suggest using CanCan gem for authorization as it has a really simple and clean way to define authorization rules. http://github.com/ryanb/cancan

Tadas Tamosauskas  2010-04-25 21:20:06

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.