Skip authorization for specific methods

In the Agile Development book, I have an Admin MVC that controls login. In ApplicationController, I have a before_filter that checks authorization. Thus, this will verify that the user is logged in for each page.

The problem is that I want everyone to be able to access the new method, for example, in "Users" (that is, everyone should be able to create a new user - naturally!). Only admin users should have access to other methods in UserController, such as edit, etc. What is the best way to do this?

+4
3 answers

You can use any of these

 before_filter :except=>[:method_name] #methods you want to skip filter 

OR

 before_filter :only=>[:method_name] #methods you want to be filtered before called. 

edited

 before_filter :filter_method, :except=>[:method_name] #methods you want to skip filter 

OR

 before_filter :filter_method, :only=>[:method_name] #methods you want to be filtered before called. 
+5

You can use the skip_before_filter method in child controller classes to skip filter processing by default. For instance:

 class UsersController < ApplicationController
   skip_before_filter :authorize, :only => [:new, :create]
 end

- skips the before filter with the name :authorize only for new and create actions in the user controller, that is, the filter will continue to be applied to all other actions.

+3
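The two approaches in the answers above, listing the actions a filter applies to (`before_filter ... :only`) versus inheriting the filter and skipping it for a few actions (`skip_before_filter ... :only`), behave differently when an action is added later. The following is an added example, not code from the answers or from Rails: a plain-Ruby model of the filter chain in which `ModelController`, `filtered?`, `open_actions`, `OptInUsersController` and the `:export` action are hypothetical names.

```ruby
# Plain-Ruby model of before_filter / skip_before_filter (constructed for
# illustration; it does not load Rails and all class names are hypothetical).
class ModelController
  class << self
    # Each subclass starts from a copy of its parent's declarations.
    def rules
      @rules ||= superclass.respond_to?(:rules) ? superclass.rules.dup : []
    end

    def before_filter(name, opts = {})
      rules << [:run, name, opts]
    end

    def skip_before_filter(name, opts = {})
      rules << [:skip, name, opts]
    end

    # Later declarations override earlier ones for the actions they cover.
    def filtered?(name, action)
      rules.reduce(false) do |on, (kind, n, opts)|
        next on unless n == name && covers?(opts, action)
        kind == :run
      end
    end

    private

    def covers?(opts, action)
      return opts[:only].include?(action) if opts[:only]
      return !opts[:except].include?(action) if opts[:except]
      true
    end
  end
end

class AppController < ModelController
  before_filter :authorize                 # every action is checked by default
end
class UsersController < AppController      # opt-out: public actions are listed
  skip_before_filter :authorize, :only => [:new, :create]
end
class OptInUsersController < ModelController # opt-in: protected actions are listed
  before_filter :authorize, :only => [:index, :show, :edit, :update, :destroy]
end

ACTIONS = [:index, :show, :new, :create, :edit, :update, :destroy]
def open_actions(controller, actions)      # actions reachable without :authorize
  actions.reject { |a| controller.filtered?(:authorize, a) }
end
```

With the opt-out form, an action added after the filter was written stays behind `:authorize`; with the opt-in form it is reachable until someone remembers to add it to the `:only` list.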

I would also suggest using the CanCan gem for authorization, as it has a very simple and clean way to define authorization rules. http://github.com/ryanb/cancan

0

Source: https://habr.com/ru/post/1307948/

