I am using the before_action filter to call authenticate which is a method that will redirect users back to their home page if they aren't authorized to be on the page requested.
I would like to exclude a page from this step, just for testing purposes.
What I have seen so far is that I can use except to exclude certain controller actions from being subject to the before_action filter so like:
before_action :authenticate, except: :demo_login
I can also exclude more than one action at a time like this:
before_action :authenticate, except [:demo_login, :demo_show]
How can I exclude all actions in a specific controller?
Use skip_before_action :authenticate in the relevant controller.
The format of this method is the same as before_action so if you want to skip calling :authenticate for a specific controller action, use:
skip_before_action :authenticate, only: [:show, :index]
The except: keyword can also be used.
Related
I have a controller with the default RESTful route actions (index new create show edit update destroy) and also several other actions. I want to set a before_action that only runs on the default routes.
I know I can add before_action :set_x, only: [:index, :new, :create, :show, :edit, :update, :destroy] to the top of the controller but is there a quicker way to do this? I'd like to do this for multiple controllers, so I cannot do before_action :set_x, except: [:foo, :bar, :baz] because the actions change in each controller and new actions are added all the time.
Thanks!
Options:
define the before_action in the ApplicationController
write skip_before_action in those controllers that do not need it
define another "controller"-class, that derives from ApplicationController, add the before_action and only those controllers that need it, will inherit from that class
create a module with only the before_action and include it
I can check a user and to log out on some condition.
But there always a check on ApplicationController like a below.
before_action :authenticate_user!, :check_should_logout
I don't want to call check_should_logout on every request.
Is there any solution?
You can use only or except options for before_action filters in respective controller classes.
before_action :check_should_logout, only: [:action_1, :action_2]
OR
before_action :check_should_logout, except: [:action_1, :action_2]
before_action :authenticate_user!, :check_should_logout, only: [:action1, :action_2]
or
before_action :authenticate_user!, :check_should_logout, except: [:action1, :action_2]
Instead of providing this in ApplicationController tou should provide this in respective controller.
I have implemented Rails with devise authentication. As part of the process I added a "global" before_action :authenticate_user! in the application_controller that requires that all pages must be authenticated.
# app/controllers/application_controllers.rb
class ApplicationController < ActionController::Base
before_action :authenticate_user!
end
How do I allow some controller#actions to be accessed without requiring the user to log in first.
This is useful when sending out mass emailings, and the email contains the link to a #show action which usually requires authentication.
Put skip_before_action :authenticate_user! inside your controller to allow all actions for that controller.
You can also use the only and except keywords in combination with it to only allow or forbid specific actions.
# skips authentication only for "index" and "show"
skip_before_action :authenticate_user! only: %i[index show]
# requires authentication only for "update" and "destroy"
skip_before_action :authenticate_user! except: %i[update destroy]
In the controller just mention the action that required log in:
before_action :authenticate_user!, :only => [:new, :create, :edit]
For example if you have the action 'send_mail' in the controller you can accessed without log in.
I have a problem with the gem rails4-autocomplete. This works perfectly but since I have installed Devise for users I need to be connected to use autocompletion otherwise it does not work.
Indeed, if I withdraw the "Before_action: authenticate_user!" in the application_controller.rb, it works but I can not remove it.
How to skip authentication on rails4-autocomplete as on a method like to skip
authentication on index and show
Skip_before_action: authenticate_user !, only: [: index,: show]
How can I make it?
You might have figured this out by now, but the secret to your question is to run
rake routes
You'll notice that there is a named route created for your autocomplete. Then you'll just whitelist that method name (which you'll glean from the routing table)
So take a look at the routes, the one with "autocomplete" at the front of it is the one you need.
Then in the controller where your autocomplete is processed add a whitelist for devise if its on that action, like so:
skip_before_action :authenticate_user!, only [:index, :autocomplete_brand_website]
I threw together an example app that illustrates how this works in its most simplistic form:
https://bitbucket.org/bunglify/so-autocomplete-devise/overview
You can skip before_action on certain actions using except paramether:
before_action :authenticate_user!, except: [:index, :show]
also you can skip before_action that was inherited using skip_before_action in UsersController:
skip_before_action :authenticate_user!, only: [:index, :show]
I have installed devise and would like to restrict access to certain pages depending on whether the user has authenticated.
My first approach was to open each view, and add:
<% if mpuser_signed_in? %>
#rest of code
<%end>
(My model is called mpusers)
But I thought there maybe is a more elegant solution?
Dario
Set before_filter :authenticate_user! in the controller for the actions that require an authenticated user. In this example, we need the user to be authenticated for creation, edit and destroy actions.
class YourController < ApplicationController
before_filter :authenticate_user!, only: [:new, :edit, :update, :destroy]