How to hide non permited actions?

Check out before_filter. This allows you to call a method (or Proc) to determine whether the code should continue running.

class MyController
before_filter :authenticate

def authenticate
# is ok? return true else return false

end
end

Also, check out the LoginEngine (http://api.rails-engines.org/login_engine/), a very comprehensive user authentication tool for Rails. Even if it’s too much for your app, it still has a lot of good ideas in it on how to do just this.

Jason