devise: how to allow unauthenticated access to some pages? - ruby-on-rails

I have implemented Rails with devise authentication. As part of the process I added a "global" before_action :authenticate_user! in the application_controller that requires that all pages must be authenticated.
# app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  before_action :authenticate_user!
end
How do I allow some controller#actions to be accessed without requiring the user to log in first?
This is useful when sending out mass emailings, and the email contains the link to a #show action which usually requires authentication.

Put skip_before_action :authenticate_user! inside your controller to allow all actions for that controller.
You can also use the only and except keywords in combination with it to only allow or forbid specific actions.
# skips authentication only for "index" and "show"
skip_before_action :authenticate_user!, only: %i[index show]
# requires authentication only for "update" and "destroy"
skip_before_action :authenticate_user!, except: %i[update destroy]

In the controller, just mention the actions that require login:
before_action :authenticate_user!, :only => [:new, :create, :edit]
For example, if you have the action 'send_mail' in the controller, you can access it without logging in.

Related

rails-4 autocomplete and devise authorization

I have a problem with the gem rails4-autocomplete. This works perfectly but since I have installed Devise for users I need to be connected to use autocompletion otherwise it does not work.
Indeed, if I remove the "before_action :authenticate_user!" in application_controller.rb, it works, but I cannot remove it.
How can I skip authentication for rails4-autocomplete, the way one skips authentication on index and show?
skip_before_action :authenticate_user!, only: [:index, :show]
How can I make it?
You might have figured this out by now, but the secret to your question is to run
rake routes
You'll notice that there is a named route created for your autocomplete. Then you'll just whitelist that method name (which you'll glean from the routing table)
So take a look at the routes, the one with "autocomplete" at the front of it is the one you need.
Then, in the controller where your autocomplete is processed, add a whitelist for devise if it's on that action, like so:
skip_before_action :authenticate_user!, only: [:index, :autocomplete_brand_website]
I threw together an example app that illustrates how this works in its most simplistic form:
https://bitbucket.org/bunglify/so-autocomplete-devise/overview
You can skip before_action on certain actions using the except parameter:
before_action :authenticate_user!, except: [:index, :show]
You can also skip a before_action that was inherited, using skip_before_action in UsersController:
skip_before_action :authenticate_user!, only: [:index, :show]

Exclude a controller from before_action

I am using the before_action filter to call authenticate which is a method that will redirect users back to their home page if they aren't authorized to be on the page requested.
I would like to exclude a page from this step, just for testing purposes.
What I have seen so far is that I can use except to exclude certain controller actions from being subject to the before_action filter so like:
before_action :authenticate, except: :demo_login
I can also exclude more than one action at a time like this:
before_action :authenticate, except: [:demo_login, :demo_show]
How can I exclude all actions in a specific controller?
Use skip_before_action :authenticate in the relevant controller.
The format of this method is the same as before_action so if you want to skip calling :authenticate for a specific controller action, use:
skip_before_action :authenticate, only: [:show, :index]
The except: keyword can also be used.

devise skip authentication based on route

Having devise_for :users makes all methods of Users controller authenticated by Devise. I'd like to skip a couple of methods e.g users#api, users#do_stuff for making a public API with self-written auth method.
How can I do it?
UPDATE.
skip_before_filter :authenticate_user!, only: [:api, :do_stuff]
still gives me {"error":"You need to sign in or sign up before continuing."}
Try this -
skip_before_filter :authenticate_user!, :only => [:api,:do_stuff]
Inside users_controller.rb, add the lines below:
before_action :authenticate_user!, :only => [:api, :do_stuff]
I assume that you only want to authenticate on these two method calls in users_controller and have not added any authentication filter in application_controller.

Restrict access to page using devise

I have installed devise and would like to restrict access to certain pages depending on whether the user has authenticated.
My first approach was to open each view, and add:
<% if mpuser_signed_in? %>
#rest of code
<% end %>
(My model is called mpusers)
But I thought maybe there is a more elegant solution?
Dario
Set before_filter :authenticate_user! in the controller for the actions that require an authenticated user. In this example, we need the user to be authenticated for creation, edit and destroy actions.
class YourController < ApplicationController
  before_filter :authenticate_user!, only: [:new, :edit, :update, :destroy]
end

Devise rubygem - How do you filter actions for authenticated/non-authenticated users?

I am new to Rails and I need to create a simple Rails project with these conditions:
there must be page with some articles (title + body)
anyone can read those articles
only authenticated users can create/edit/delete those articles
I used scaffold to generate a controller for articles and the gem Devise to create the authentication system. But I don't know how to implement the necessary conditions.
Thanks for the reply.
If your user model is called user, then you would include the following in your controller:
before_filter :authenticate_user!
If it is not called user, you would replace the word user in authenticate_user with whatever it is.
You would add this directly under your controller declaration, like so:
class ArticlesController < ApplicationController
  before_filter :authenticate_user!
  #rest of code
end
If you want to restrict only certain actions in the controller to logged in users, you can use except to exclude some actions. Here, index and show can be seen by anyone:
before_filter :authenticate_user!, :except => [:index, :show]
or only to include specific actions. Here, only authenticated users can do the listed actions:
before_filter :authenticate_user!,
  :only => [:new, :edit, :create, :update, :destroy]
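Added example, not part of the answers above: a simplified plain-Ruby model of only:/except: matching (not Rails' own implementation) that compares the two styles used on this page, opt-in protection via before_action only: versus a global filter with skip_before_action only:, when an action name in the list is wrong. ControllerModel, its methods and the misspelled action names are hypothetical and constructed for illustration.

```ruby
# Simplified model of only:/except: matching for controller filters.
# ControllerModel and its methods are hypothetical, not Rails code.
class ControllerModel
  def initialize(*actions)
    @actions = actions
    @guarded = {} # filter name => actions the filter runs for
  end

  def before_action(filter, only: nil, except: nil)
    @guarded[filter] = matching(only, except)
    self
  end

  def skip_before_action(filter, only: nil, except: nil)
    @guarded[filter] = @guarded.fetch(filter, []) - matching(only, except)
    self
  end

  # Actions reachable without the filter running.
  def public_actions(filter = :authenticate_user!)
    @actions - @guarded.fetch(filter, [])
  end

  private

  # Names that match no real action are dropped silently.
  def matching(only, except)
    return @actions & Array(only) if only
    return @actions - Array(except) if except
    @actions
  end
end

SCAFFOLD = %i[index show new create edit update destroy].freeze

# Opt-in protection: the scaffolded action is `destroy`, so listing
# :delete leaves it public (fails open).
OPT_IN = ControllerModel.new(*SCAFFOLD)
  .before_action(:authenticate_user!, only: %i[new create edit update delete])

# Default-deny: global filter plus an allowlist of public actions.
# The constructed typo :shwo just leaves `show` protected (fails closed).
DEFAULT_DENY = ControllerModel.new(*SCAFFOLD)
  .before_action(:authenticate_user!)
  .skip_before_action(:authenticate_user!, only: %i[index shwo])

puts "opt-in public:       #{OPT_IN.public_actions.inspect}"
puts "default-deny public: #{DEFAULT_DENY.public_actions.inspect}"
```

Rails 7.1 added config.action_controller.raise_on_missing_callback_actions, which raises on action names in only:/except: that do not exist instead of ignoring them.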
