[Ruby On Rails] Authentication – has_secure_password Feature (4) – Securing Actions

This is the final (fourth) part of the series on the “has_secure_password” feature in Rails. This post explains how to secure actions. Please read the previous posts (Overview, Signup, and Signin/Signout) first.

1. Helpers in Controllers

Make sure the helper methods are accessible in controllers by including SessionsHelper in ApplicationController.

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception

  # Makes the SessionsHelper methods available to every controller.
  include SessionsHelper
end

2. Securing Actions

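In the controller, you can create a before_action filter that redirects to the sign-in page unless a user is signed in. Here the filter applies to every action except index.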

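class ProductsController < ApplicationController
  # Require a signed-in user for every action except index.
  before_action :signed_in_user, except: [:index]

  private

    # Set the notice and redirect only when nobody is signed in.
    def signed_in_user
      unless signed_in?
        flash[:info] = "Please sign in."
        redirect_to new_session_path
      end
    end
end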
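
An added example (not from the original post): a small plain-Ruby audit that reads a controller's source and lists the public actions that a `before_action :signed_in_user` filter leaves open, so an `except:` or `only:` list that exposes more than intended shows up in review. The `unguarded_actions` helper and the sample controller with its extra actions are constructed for illustration, and the regex matching assumes the filter is declared in the controller file itself.

```ruby
# Added example: a regex-based audit, not a full Ruby parser. It only sees
# filters declared in this file (no inherited filters, no skip_before_action).

# Returns the public actions of a controller that the given filter does not cover.
def unguarded_actions(source, filter: "signed_in_user")
  # Methods defined above a bare `private`/`protected` line are routable actions.
  public_part = source.split(/^\s*(?:private|protected)\s*$/, 2).first
  actions = public_part.scan(/^\s*def\s+([a-z_]\w*[?!]?)/).flatten

  # Options that follow `before_action :<filter>` on the same line.
  decl = source[/^\s*before_action\s+:#{Regexp.escape(filter)}\b(.*)$/, 1]
  return actions if decl.nil? # filter never declared: nothing is guarded

  # Extracts the action names from `only: [...]` or `except: [...]`, if present.
  names = lambda do |key|
    list = decl[/\b#{key}:\s*(\[[^\]]*\]|:\w+)/, 1]
    list && list.scan(/:(\w+)/).flatten
  end

  if (only = names.call("only"))
    actions - only    # only the listed actions are guarded
  elsif (except = names.call("except"))
    actions & except  # the listed actions are deliberately public
  else
    []                # the filter applies to every action
  end
end

# Constructed sample: the post's controller with four hypothetical actions added.
SAMPLE = <<~SRC
  class ProductsController < ApplicationController
    before_action :signed_in_user, except: [:index]

    def index; end
    def show; end
    def create; end
    def destroy; end

    private
      def signed_in_user
        redirect_to new_session_path unless signed_in?
      end
  end
SRC

puts unguarded_actions(SAMPLE).inspect # => ["index"]
```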
