How to hide non-permitted actions?

Check out before_filter. This allows you to call a method (or Proc) to determine whether the code should continue running.

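class MyController < ApplicationController
  before_filter :authenticate

  private

  # Runs before every action in this controller.
  def authenticate
    # is ok? return true, else return false to stop the action
  end
end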

Also, check out the LoginEngine, a very comprehensive user authentication tool for Rails. Even if it’s too much for your app, it still has a lot of good ideas in it on how to do just this.
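An added example, not part of the original post and not Rails code: a plain-Ruby model of the filter chain described above, showing a login filter plus a per-action permission filter, with filter helpers kept private so they cannot be dispatched as actions. `MiniController`, `ReportsController`, the role values and the status/body pairs are all constructed for illustration.

```ruby
# Hypothetical plain-Ruby model of a before_filter chain (not Rails code).
# As in the answer above, a filter returning false halts the request.
class MiniController
  attr_reader :current_user

  def self.filters
    @filters ||= []
  end

  def self.before_filter(name, only: nil)
    filters << [name, only && Array(only).map(&:to_s)]
  end

  def initialize(current_user)
    @current_user = current_user
  end

  # Returns [status, body]. Only public methods defined on the subclass are
  # dispatchable, so private filter helpers can never be called as actions.
  def process(action)
    action = action.to_s
    @response = nil
    actions = self.class.public_instance_methods(false).map(&:to_s)
    return [404, "unknown action"] unless actions.include?(action)
    self.class.filters.each do |name, only|
      next if only && !only.include?(action)
      # Caveat: only an explicit false halts; a filter returning nil does not.
      return @response || [403, "forbidden"] if send(name) == false
    end
    [200, send(action)]
  end
end

class ReportsController < MiniController
  before_filter :authenticate
  before_filter :require_admin, only: [:destroy]

  def index;   "report list"    end
  def destroy; "report deleted" end

  private
  def authenticate
    return true if current_user
    @response = [401, "login required"] # constructed status/body
    false
  end

  def require_admin; current_user[:role] == :admin end
end
```

Because this model halts only on an explicit `false`, a filter that ends without a return value lets the action run, so each filter should end in an explicit boolean.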