Reputation: 1793
I'm trying to use Authlogic to protect some in place editor fields I have on a page. I've protected all the methods in my controller, but it looks like in_place_editor is calling some weird generated stuff that doesn't even show up in my routes, like "/quotes/set_quote_text/1". Number one, is there a site that tells more about these "secret" routes? Or is this something that in place edit added that I don't know about? It's just kind of unnerving that it doesn't even show up when I display all routes.
Assuming I do find out this, I have no idea how to protect things that aren't methods in my controller. Can I protect a whole route?
Another question is that, even if I do restrict the update route, the in place editor fields are rendering for everything. I would imagine that the way to do this would be to create a helper which would render the appropriate version depending on if the user is logged in or not. I am just not sure what I'd be checking against to see if someone's logged in or not, since I've been doing it all in the controller... Also, tips for that: would the partial just render one of 2 versions of a partial depending on the logged in state, or is there another way to do this?
Thanks!
Upvotes: 0
Views: 781
Reputation: 5056
By default Rails includes the following routes:
map.connect ':controller/:action/:id'
map.connect ':controller/:action/:id.:format'
Furthermore, as you probably know, all public controller methods serve as controller actions.
Consider the following controller:
class SampleController < ActionController::Base
  def test
    render :text => "text"
  end
end
So with the default routes, /sample/test will call SampleController#test.
Also worth knowing is that in_place_edit_for(object, attribute, options = {}) defines a new method on the controller called set_#{object}_#{attribute}. In your case, this is set_quote_text.
To answer your questions:
rake routes: Almost certainly this is because it's using that default route that I talked about at the beginning. I oftentimes remove these routes so that only routes I explicitly define will be used.
before_filter :authentication_required, :only => LIST_OF_ACTIONS_REQUIRING_AUTHENTICATION. Safer than this however is to use except and provide a list of all actions that you do not want to protect: before_filter :authentication_required, :except => LIST_OF_ACTIONS_THAT_DON'T_REQUIRE_AUTHENTICATION
Hopefully that's what you need.
Upvotes: 1
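An added illustration, not part of the answer above and not Rails code: a plain-Ruby model of why an :only list misses the generated set_quote_text action while an :except list covers it. MiniController, dispatch, protected_action? and the two controller class names are hypothetical stand-ins; only the set_#{object}_#{attribute} naming and the default-route behaviour come from the page.

```ruby
# Plain-Ruby model of the behaviour discussed above (no Rails required).
# All class and helper names here are constructed for illustration.
class MiniController
  class << self
    attr_reader :filter_opts

    # Stand-in for before_filter :authentication_required, :only/:except => [...]
    def before_filter(_name, opts = {})
      @filter_opts = opts
    end

    # Stand-in for in_place_edit_for: defines a public set_<object>_<attribute>
    def in_place_edit_for(object, attribute)
      define_method("set_#{object}_#{attribute}") { "updated #{object}.#{attribute}" }
    end

    def protected_action?(action)
      opts = filter_opts
      return false unless opts
      return opts[:only].include?(action) if opts[:only]
      !Array(opts[:except]).include?(action)
    end

    # Stand-in for the default route ':controller/:action/:id': any public
    # method is reachable by name, with or without an explicit route.
    def dispatch(path, logged_in)
      action = path.split("/")[2].to_sym
      return 404 unless public_instance_methods(false).include?(action)
      return 401 if protected_action?(action) && !logged_in
      200
    end
  end
end

class OnlyQuotesController < MiniController
  before_filter :authentication_required, :only => [:update]
  in_place_edit_for :quote, :text # generated action is not in the :only list
  def show; end
  def update; end
end

class ExceptQuotesController < MiniController
  before_filter :authentication_required, :except => [:show]
  in_place_edit_for :quote, :text # generated action is protected by default
  def show; end
  def update; end
end

[OnlyQuotesController, ExceptQuotesController].each { |c| puts "#{c}: #{c.dispatch('/quotes/set_quote_text/1', false)}" }
```

The status codes are a convention of this model: 200 means the action ran, 401 means the filter stopped an anonymous request, 404 means no such public method.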