How to hide non-permitted actions?

Check out before_filter. This allows you to call a method (or Proc) to determine whether the code should continue running.

    class MyController < ApplicationController
      before_filter :authenticate

      def authenticate
        # is ok? return true, else return false
      end
    end

Also, check out the LoginEngine (http://api.rails-engines.org/login_engine/), a very comprehensive user authentication tool for Rails. Even if it’s too much for your app, it still has a lot of good ideas in it on how to do just this.

Jason
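
Added example, not part of the post above and not Rails code: a plain-Ruby stand-in for the filter chain, showing the return-false-to-halt convention the post describes and why the filter method itself should be private so it cannot be requested as an action. `MiniController`, `dispatch`, `AccountsController` and the session hash are hypothetical names invented for this sketch.

```ruby
# Minimal stand-in for a before_filter chain (illustration only, not Rails).
class MiniController
  # Per-class list of [filter_name, skipped_actions] pairs.
  def self.filters
    @filters ||= []
  end

  # Register a method to run before every action except those listed.
  def self.before_filter(name, except: [])
    filters << [name, except.map(&:to_s)]
  end

  def initialize(session)
    @session = session
  end

  # Run each filter in order; the action runs only if no filter returns false.
  def dispatch(action)
    action = action.to_s
    # Only public methods defined on the controller itself count as actions,
    # so private helpers such as the filter are never reachable by name.
    actions = self.class.public_instance_methods(false).map(&:to_s)
    return :not_found unless actions.include?(action)

    self.class.filters.each do |name, except|
      next if except.include?(action)
      return :denied if send(name) == false
    end
    public_send(action)
  end
end

class AccountsController < MiniController
  # Deny by default: every action is filtered unless explicitly exempted.
  before_filter :authenticate, except: [:login]

  def login
    :login_form
  end

  def destroy
    :account_deleted
  end

  private

  # Constructed check: a request is allowed only with a user id in the session.
  def authenticate
    !@session[:user_id].nil?
  end
end
```

Listing the exempt actions with `except:` keeps any action added later protected by default, whereas an `only:` list would leave new actions open until someone remembers to add them.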