More efficient way to manage access control with restful_authentication?


I'm using restful_authentication with the latest version of RoR.
There are some actions that a user can only access if he is logged
in. So I'm putting this check in my code:

        def new
            if logged_in?
                @user = User.find(session[:user_id])
                @ec_order =
                1.times { }
                flash[:notice] = "You must be logged in to access this
                redirect_to :controller => "register", :action =>

I am repeatedly including this "if logged_in?" action in many actions,
and in some cases every action in a controller has this. What's a
better way to do this?

Thanks, - Dave

If you're using the login_required before_filter, you can override
#authorized? to determine what actions that user can access. Just
return false if they don't have access and it'll trigger the
access_denied method.

I can't see that I'm using the login_required before_filter, but that
sounds like the answer. How do I activate that? - Dave

Try something like this in your controller:

If you don't need the exceptions, just drop them.

  before_filter :login_required, :except => :show

You can also put it in your application controller (without
the :except part), just make sure you skip this rule in the
controllers that you need to actually login.

  skip_before_filter :login_required

Good luck!
Ger Apeldoorn.
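
The pattern from the replies above, as an added example that is not part of the thread and is not Rails or restful_authentication code. It is a plain-Ruby model of the filter chain (`MiniController`, `dispatch` and the controller names are assumptions) showing an application-wide `login_required`, a controller that skips it, and the `:except` form:

```ruby
# Plain-Ruby model of the filter chain (constructed for this example; not Rails
# or restful_authentication code). Only the calls named in the thread are modelled.
class MiniController
  class << self
    # Each controller class starts from a copy of its parent's filter list.
    def filters
      @filters ||= superclass.respond_to?(:filters) ? superclass.filters.dup : []
    end
    def before_filter(name, except: [])
      filters << { name: name, except: Array(except) }
    end
    def skip_before_filter(name)
      filters.reject! { |f| f[:name] == name }
    end
  end

  def initialize(session); @session = session; end

  # Filters run first; the action body is never reached once a filter halts.
  def dispatch(action)
    self.class.filters.each do |f|
      next if f[:except].include?(action)
      return :redirect_to_login if send(f[:name]) == false
    end
    public_send(action) # public_send: private helpers are not routable actions
  end

  private
  def logged_in?; !@session[:user_id].nil?; end
  def authorized?; logged_in?; end        # override point mentioned in the thread
  def access_denied; false; end
  def login_required; authorized? || access_denied; end
end

class ApplicationController < MiniController
  before_filter :login_required           # inherited by every subclass
end
class OrdersController < ApplicationController
  def new; :order_form; end               # no inline logged_in? check needed
end
class RegisterController < ApplicationController
  skip_before_filter :login_required      # the login page itself stays reachable
  def login; :login_form; end
end
class ProductsController < MiniController
  before_filter :login_required, except: :show
  def show; :product_page; end
  def edit; :edit_form; end
end
```

With the filter declared once in the application controller, a newly added action is protected unless a controller explicitly skips the filter, so a forgotten check fails closed rather than open.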