small medium large xlarge

Generic-user-small
04 Oct 2008, 05:02
Tate (5 posts)

In our depot app we set the authorize action in the store controller so that anyone can view products and checkout. But what if we wanted to require people to login to checkout? Accordingly, how would we check to see if someone is logged in before we show the cart partial?

Generic-user-small
04 Oct 2008, 10:58
James West (104 posts)

This is covered in the next bit of the book where the authorize method is moved to use a before filter

Generic-user-small
04 Oct 2008, 14:01
Tate (5 posts)

If you mean the before_filter :authorize, :except => “login” in the application controller, I have that already.

Basically this will require authorize on all actions except the login action, and in our store controller we define authorize as blank so any guest can perform any actions on that particular controller.

I suppose I could use a before_filter on all controllers and :except any action that I want to be public, but that doesn’t seem very DRY

Generic-user-small
04 Oct 2008, 21:48
James West (104 posts)

I meant that it is covered in the next part of the book. you just have not read far enough yet. Sorry for the confusion

Generic-user-small
05 Oct 2008, 11:50
James West (104 posts)

Hi, At the bottom of page 173 the paragraph underneath the code that sets the before_filter it sais

“Note that this is going too far. We have just limited access to the store itself to administrators. That’s not good. We could go back and change things so that we only mark those methods” … etc

You must have missed that part when you were reading the book! lol! Hope that helps

Generic-user-small
05 Oct 2008, 15:33
Tate (5 posts)

Right, and then it says to provide an override for the authorize method, and we define it like so:

def authorize
end

</code>

So now every action in the store controller is accessible w/o needing authentication. My question is how would I require authentication for the checkout action? What if I wanted to do the reverse, lets say I wanted to list all users to the public. The users controller is being authenticated, so lets say I wanted to open up the index action for example?

Generic-user-small
05 Oct 2008, 16:39
James West (104 posts)

Hi Tate If I understand you correctly you want to selectively authorize actions at the controller method level?

I think if I were doing this from a noob perspective I would probably use some kind of flag as a parameter to the authorize method. Maybe call it something like need_to_login. Decide on a value for true and false then check the state of the flag before continuing the authorize method you can then call the authorize method within the individual methods in your controller passing it a true or false value

def authorize(need_to_log_in)
  if need_to_log_in?
    unless User.find_by_id(session[:user_id])
      flash[:notice] = "Please log in"
      redirect_to :controller => :admin, :action => :login
    end
  end
end

I’m not sure if I have the syntax correct or even if this would work but it is probably the way I would approach this problem given my limited rails knowledge

You must be logged in to comment