Reputation:
Devise rubygem - How do you filter actions for authenticated/non-authenticated users?
I am new to Rails and I need to create a simple Rails project with these conditions:
- there must be page with some articles (title + body)
- anyone can read those articles
- only authenticated users can create/edit/delete those articles
I used scaffold to generate a controller for articles and the gem Devise to create the authentication system. But I dont know how to implement the necessary conditions.
Thanks for the reply.
Upvotes: 1
Views: 1218
Answers (1)
Reputation: 2532
If your user model is called user, then you would include the following in your controller:
before_filter :authenticate_user!
If it not called user, you would replace the word user in authenticate_user with whatever it is.
You would add this directly under your controller declaration, like so:
class ArticlesController < ApplicationController
before_filter :authenticate_user!
#rest of code
end
If you want to restrict only certain actions in the controller to logged in users, you can use except to exclude some actions. Here, index and show can be seen by anyone:
before_filter :authenticate_user!, :except => [:index, :show]
or only to include specific actions. Here, only authenticated users can do the listed actions:
before_filter :authenticate_user!,
:only => [:new, :edit, :create, :update, :delete]
Upvotes: 5
Related Questions
- Devise before_filter authenticate_admin?
- Rails, Devise. Disallow User actions unless AdminUser
- Verify user authenticated for actions
- Devise action filter for actions that require authentication
- Rails devise check for authenticate user without filter
- Rails+Devise: How to make some actions available only for users?
- Devise - Authenticate user (after validations) on a create action
- Ruby on Rails / Devise: Determining in model if user is logged in
- Devise: Restricting Actions to Administrators
- Filtering users who are able to sign in with Devise