Topic: Making sure users log in/user management

I have a bunch of controllers in my application, each dealing with customers, or users, or orders. I also have a controller called dashboard, which is the home page for users. From the dashboard people can create customers, create orders, etc. Users must be registered and logged in.

I want to avoid putting a "check_authentication" method in each controller, just because I don't like code duplication. Is there a good way to do this in rails? I'm very new to rails, recently converted from Java. Helpers perhaps?

Thanks for any suggestions smile

Re: Making sure users log in/user management

All controllers inherits from the ApplicationController class found in app/controllers/application.rb. That is a good place to put your private "check_authentication" method.

You can then add the method to the before_filter chain. … thods.html

It depends on your web application but if authenticated users is the norm, then you could put this into application controller so check_authentication() will always run:

class ApplicationController < ActionController::Base
  before_filter :check_authentication

You can specify which actions should skip authentication in child controllers:
class AccountsController < ApplicationController
  skip_before_filter :check_authentication, :only => [:login]
  before_filter :some_other_method_name

Last edited by vwoo (2007-07-13 04:47:10)

Vincent Woo Ruby on Rails Blog

Re: Making sure users log in/user management

Thank you vwoo, that's perfect smile