Authentication (restful, etc)

I feel kind of "slow" asking this post - but I can't get my head wrapped around the connection between the authentication of a user and the usage of the current_user values in other controllers.

If I had a controller "my_stuff" and I wanted two methods to require login, via restful, how can I go about doing that? Once I've required login, how can I go about accessing the session information, like userid and such?

I've tried, in the controller doing something like

@user = current_user or @user = session.current_user

or even something similar to @user = User.find_by_id(session.user_id)


Just can't get over / through "that" hurdle... once I do that, I'll be happy with an auth tie-in to my app.

I come from a Perl world, and I know I recently mentioned that RoR is the best thing since sliced bread (read: mod_perl) - I'm not fully able to get past authentication, etc.

I'm guessing that you're you using the Restful Authentication plugin.

If not, have a look at it here:

After installing, examine the file RAILS_ROOT/lib/ authenticated_system.rb, and you'll see exactly how the current_user method works. The short answer to your question is that you don't need to do anything like "@user = User.find_by_id(session.user_id)."

RestfulAuth also provides a method called 'login_required' which you can use to require login for any controller method.

At the top of your controller,

before_filer :login_required, :except => :show

will require login on all methods except for show.

Hope this helps,


That helped a lot. Thank you! :slight_smile:

In the case of restful_authentication (and others like it), you add the functionality into ApplicationController by including AuthenticatedSystem. Typically your other controllers extend ApplicationController so they inherit the functionality.