I have a problem with the gem rails4-autocomplete. This works perfectly but since I have installed Devise for users I need to be connected to use autocompletion otherwise it does not work.
Indeed, if I withdraw the "Before_action: authenticate_user!" in the application_controller.rb, it works but I can not remove it.
How to skip authentication on rails4-autocomplete as on a method like to skip
authentication on index and show
Skip_before_action: authenticate_user !, only: [: index,: show]
How can I make it?
You might have figured this out by now, but the secret to your question is to run
rake routes
You'll notice that there is a named route created for your autocomplete. Then you'll just whitelist that method name (which you'll glean from the routing table)
So take a look at the routes, the one with "autocomplete" at the front of it is the one you need.
Then in the controller where your autocomplete is processed add a whitelist for devise if its on that action, like so:
skip_before_action :authenticate_user!, only [:index, :autocomplete_brand_website]
I threw together an example app that illustrates how this works in its most simplistic form:
https://bitbucket.org/bunglify/so-autocomplete-devise/overview
You can skip before_action on certain actions using except paramether:
before_action :authenticate_user!, except: [:index, :show]
also you can skip before_action that was inherited using skip_before_action in UsersController:
skip_before_action :authenticate_user!, only: [:index, :show]
Related
I have implemented Rails with devise authentication. As part of the process I added a "global" before_action :authenticate_user! in the application_controller that requires that all pages must be authenticated.
# app/controllers/application_controllers.rb
class ApplicationController < ActionController::Base
before_action :authenticate_user!
end
How do I allow some controller#actions to be accessed without requiring the user to log in first.
This is useful when sending out mass emailings, and the email contains the link to a #show action which usually requires authentication.
Put skip_before_action :authenticate_user! inside your controller to allow all actions for that controller.
You can also use the only and except keywords in combination with it to only allow or forbid specific actions.
# skips authentication only for "index" and "show"
skip_before_action :authenticate_user! only: %i[index show]
# requires authentication only for "update" and "destroy"
skip_before_action :authenticate_user! except: %i[update destroy]
In the controller just mention the action that required log in:
before_action :authenticate_user!, :only => [:new, :create, :edit]
For example if you have the action 'send_mail' in the controller you can accessed without log in.
I am using the before_action filter to call authenticate which is a method that will redirect users back to their home page if they aren't authorized to be on the page requested.
I would like to exclude a page from this step, just for testing purposes.
What I have seen so far is that I can use except to exclude certain controller actions from being subject to the before_action filter so like:
before_action :authenticate, except: :demo_login
I can also exclude more than one action at a time like this:
before_action :authenticate, except [:demo_login, :demo_show]
How can I exclude all actions in a specific controller?
Use skip_before_action :authenticate in the relevant controller.
The format of this method is the same as before_action so if you want to skip calling :authenticate for a specific controller action, use:
skip_before_action :authenticate, only: [:show, :index]
The except: keyword can also be used.
I am new to Rails and I need to create a simple Rails project with these conditions:
there must be page with some articles (title + body)
anyone can read those articles
only authenticated users can create/edit/delete those articles
I used scaffold to generate a controller for articles and the gem Devise to create the authentication system. But I dont know how to implement the necessary conditions.
Thanks for the reply.
If your user model is called user, then you would include the following in your controller:
before_filter :authenticate_user!
If it not called user, you would replace the word user in authenticate_user with whatever it is.
You would add this directly under your controller declaration, like so:
class ArticlesController < ApplicationController
before_filter :authenticate_user!
#rest of code
end
If you want to restrict only certain actions in the controller to logged in users, you can use except to exclude some actions. Here, index and show can be seen by anyone:
before_filter :authenticate_user!, :except => [:index, :show]
or only to include specific actions. Here, only authenticated users can do the listed actions:
before_filter :authenticate_user!,
:only => [:new, :edit, :create, :update, :delete]
I have a controller which inherits from Devise::RegistrationsController. I have added a show action to the controller. The problem is that even when the user is logged out they can access this action even though at the top of my controller I have:
before_filter :authenticate_user!, :except => [:new, :create]
Why isn't authenticate_user! disallowing access to my show action?
I tested this with one of my application. The filter authentication_person! (it's person in my case) works well for all other controllers but doesn't work for controller inherited from Devise::RegistrationsController. This may be an issue or limitation with devise. Needs to be added to issues discussion at github.
The other workaround can be to create a filter method should_be_logged_in? into the application controller and then checking for person_signed_in? helper and redirecting accordingly.
Might be an issue with auth scope..
try adding the following to you controller:
prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy, :show]
I'm wondering if there is a way to whitelist controller authentication using before_filter, also excluding the ones that you may want. Something like that in application controller :
before_filter :authenticate_user!, :except_controller => :home
Is there a way to do that without having to put a before_filter on every controller, which is kinda messy ?
Add this to your Home Controller, to skip authentication on all actions on your home controller.
skip_before_filter authenticate_user!
Put the before_filter in the application_controller. All your other controllers should extend this one (assuming a normal rails setup) and thus inherit the behavior.
Then, put the following in any controller where you want to skip the before filter:
skip_before_filter :authenticate_user!, :only => [:new, :create]
The :only option is, well, optional. Use it specify which methods skip the before filter. If you don't have the :only, then the entire controller will skip the before_filter.