Use devise current_user without authentication - ruby-on-rails

I need to check if there is a logged-in user and, of course, if the user is an admin. I want to use the current_user and user_signed_in? methods, but to use these methods I need to add
    before_action :authenticate_user!
in my application controller.
The authentication at this moment works in the admin namespace; I use it for the admin panel and I have that line in my admin_controller, which inherits from application_controller. If I add
    before_action :authenticate_user!
in the application controller, the user is redirected to the login page.
How can I use user_logged_in? without the redirect to the user login / registration page?

Related

Redirect users in rails

I have a job show page where I want only signed-in users to apply. If the user is not signed in, I will show him the apply button, and when he clicks the button he will be redirected to the sign-up page, and after signing up he will be redirected to the job show page. I'm wondering how I can achieve this?
I was thinking of separating the job into 2 models, job-details and job_apply, and in the job_apply controller putting this before_action :authenticate_user!, but I'm wondering if there are other solutions?
You don't need to create another action. Don't add before_action :authenticate_user! for the show action.
You need to add before_action :authenticate_user! for the apply action. Once the non-signed-in user clicks the apply action, he or she will be redirected to sign_in.
I just use a helper method in application controller. This code obviously needs a current_user helper method as well.
    def confirm_logged_in
      if !current_user
        redirect_to '/sessions/new'
        flash[:login_failure] = 'You must be logged in to see this page'
        session[:return_path] = request.original_url
      end
    end
then in your sessions controller use something like
    redirect_to session[:return_path] || root_path
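
The answer above stores request.original_url, a full URL built from the request's Host header, and later redirects to whatever is in session[:return_path]. The following added example (not part of the original answer or of Devise) checks a stored return path before the redirect; safe_return_path is a hypothetical helper, and it assumes the filter stores a path such as request.fullpath rather than a full URL.

```ruby
require "uri"

# Hypothetical helper (added example, not Devise or Rails API).
# Returns a same-origin path that is safe to hand to redirect_to, or the
# fallback when the stored value could send the browser to another host.
def safe_return_path(stored, fallback: "/")
  return fallback unless stored.is_a?(String) && !stored.empty?
  # Control characters and backslashes are normalised differently by browsers.
  return fallback if stored.match?(/[\x00-\x1f\x7f\\]/)

  uri = URI.parse(stored)
  # Reject absolute URLs (scheme) and anything that names a host or userinfo.
  return fallback if uri.scheme || uri.host || uri.userinfo

  path = uri.path.to_s
  # Require an absolute path; "//host" is a protocol-relative URL.
  return fallback unless path.start_with?("/") && !path.start_with?("//")

  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  fallback
end

if __FILE__ == $0
  # Constructed sample values, not taken from the page.
  samples = [
    "/jobs/42?tab=apply",
    "https://other.example/login",
    "//other.example/login",
    "/\\other.example",
    "jobs/42",
    nil
  ]
  samples.each do |value|
    puts "#{value.inspect} -> #{safe_return_path(value).inspect}"
  end
end
```

In the sessions controller this would read redirect_to safe_return_path(session.delete(:return_path), fallback: root_path), which also clears the stored value after use.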

Redirect all pages to Sign in, in RAILS 4

I've been looking for a way to redirect all requests of my app to the sign_in page if the user is not signed in, but I haven't found a way to do it (I could do it by verifying a system variable and then redirect_to, but it does sound like the bad way).
I'm using ldap_authenticatable (devise) to authenticate, and then use Cancancan (for Access Control List). Is there a way to use those tools (Cancancan) to do this, or how should I do it?
Thanks for your time
You can just add before_filter :authenticate_user! to your base ApplicationController. Devise Docs
Devise uses "authenticate_user!" filter to authenticate users. For authenticating users you can do something like this:
    before_action :authenticate_user!
It will trigger authentication for all methods, and if you want authentication only for some specific actions then you can use the only or except options like:
    before_action :authenticate_user!, :only => [:your_action]  # list your actions here
For more detail click here
Add
    class ApplicationController < ActionController::Base
      before_action :authenticate_user!
    end
in the application controller. This will automatically authenticate the user; if he is not logged in then he will be redirected to the sign_in page automatically.

Rails devise set authorisation on multiple models

I have a standard devise implementation and throughout other models there seems to be no redirect if the session is expired, leaving the user with an error message.
For example, on the user profile page, if not logged in it will just show an error because the current_user does not exist.
Do I set it in each model, stating to authorise? Or, a better solution, can I set it in the app controller and do it application wide and simply set any public pages wherever necessary?
If you want a particular controller to check if a user is logged in then you want to use Devise's authenticate_user! function. See the example below.
    class StuffController < ApplicationController
      before_filter :authenticate_user!

      def index
        # ..... more implementation
      end
    end
If the user is not logged in they will be redirected to the login form and then to the required page after a successful login.
Use a before filter such as before_filter :authenticate_user!. Place this in your application controller. authenticate_user! is a devise helper, so if you want custom behavior you can overload the method or simply write your own filter using their user_signed_in? helper method.

Disable devise sign_up after logging in

I'm using devise as the registration engine in my rails 3.1 app. How can I prevent users from accessing some pages when they are logged in? I need to disable devise registration and some custom pages. Is there any way to implement this?
Devise automatically handles redirecting logged in users away from the sign in and sign up actions. If you would like to do this for other pages you would need to use controller before filters or an authorization solution such as CanCan.
You could quickly do a controller filter to redirect logged in users like so in a controller:
    class SomeController < ApplicationController
      before_filter :redirect_logged_in_user, :only => :action_to_prevent

      private

      # Send users who are already signed in away from the listed action.
      def redirect_logged_in_user
        redirect_to your_redirect_path if current_user
      end
    end
Devise is an authentication system. To control users' access to some pages you need authorization. For example, https://github.com/ryanb/cancan

CanCan + Devise for the devise user model

Using devise, I have a User model. I do not have a user controller.
To use CanCan I need to do (below) at the top of my controllers
    # Authorization w Devise & CanCan
    before_filter :authenticate_user! # Devise, signed in users only
    load_and_authorize_resource # CanCan
Where do I add this so I can have permissions for the User model given I have no user controller?
Thanks
You can add that code to any controller for which you need authentication; you don't need a UsersController.
    before_filter :authenticate_user!
This line requires a valid user signed in with devise, so if you try to access a controller with this before_filter without being logged in you'll be redirected by devise to the sign_in_path.
    load_and_authorize_resource # CanCan
This other line will fill an instance variable to a default value (if not already set) and then check your privileges using the Ability class, so assuming you have an ArticleController it will do the following behind the scenes (actual code is based on the current action):
    # for the show action
    @article = Article.find(params[:id])
    raise CanCan::AccessDenied unless can?(:read, @article)
The can?(:read, @article) statement is the heart of the CanCan library; it will return a boolean value based on your ability class. You can read more on it here
If your whole application requires authentication you can simply add the before_filter :authenticate_user! line to the ApplicationController
