More efficient way to manage access control with restful_authentication?

Hi,

I'm using restful_authentication with the latest version of RoR. There are some actions that a user can only access if he is logged in. So I'm putting this check in my code:

        def new
            if logged_in?
                @user = User.find(session[:user_id])
                @ec_order = EcOrder.new
                1.times { @ec_order.ec_line_items.build }
            else
                flash[:notice] = "You must be logged in to access this page."
                redirect_to :controller => "register", :action => "start"
            end
        end

I am repeatedly including this "if logged_in?" action in many actions, and in some cases every action in a controller has this. What's a better way to do this?

Thanks, - Dave

If you're using the login_required before_filter, you can override #authorized? to determine what actions that user can access. Just return false if they don't have access and it'll trigger the access_denied method.

I can't see that I'm using the login_required before_filter, but that sounds like the answer. How do I activate that? - Dave

Try something like this in your controller:

If you don't need the exceptions, just drop them.

  before_filter :login_required, :except => :show

You can also put it in your application controller (without the :except part), just make sure you skip this rule in the controllers that you need to actually log in.

  skip_before_filter :login_required

Good luck! Ger Apeldoorn.
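An added example, not part of the thread and not restful_authentication's own code: a plain-Ruby stand-in for the filter chain that shows the deny-by-default layout the replies describe (login_required in the application controller, skip_before_filter on the login controller, and an authorized? override for a per-action rule). MiniController, dispatch, the redirect string and the "user 1 may destroy" policy are assumptions made for the illustration.

```ruby
# Plain-Ruby stand-in for the Rails filter chain so the pattern runs without Rails.
# MiniController, dispatch and the sample controllers are constructed for this example.
class MiniController
  class << self
    def filters
      @filters ||= superclass.respond_to?(:filters) ? superclass.filters.dup : {}
    end
    def before_filter(name, opts = {}); filters[name] = Array(opts[:except]); end
    def skip_before_filter(name); filters.delete(name); end
  end

  attr_reader :session, :redirected_to

  def initialize(session = {}); @session = session; end

  def dispatch(action)
    @action = action
    self.class.filters.each do |name, except|
      next if except.include?(action)
      send(name)
      return :halted if @redirected_to   # a redirect in a filter stops the action
    end
    send(action)
  end

  # Same names the thread uses; bodies are simplified assumptions.
  def logged_in?; !session[:user_id].nil?; end
  def authorized?; logged_in?; end
  def login_required; authorized? || access_denied; end
  def access_denied; @redirected_to = "/register/start"; false; end
end

class ApplicationController < MiniController
  before_filter :login_required           # deny by default for every controller
end

class EcOrdersController < ApplicationController
  def new; :rendered_new; end
  def destroy; :destroyed; end
  # Per-action rule via authorized?; "user 1 may destroy" is a constructed policy.
  def authorized?; logged_in? && (@action != :destroy || session[:user_id] == 1); end
end

class RegisterController < ApplicationController
  skip_before_filter :login_required      # the login/signup pages stay public
  def start; :rendered_start; end
end
```

With the filter declared once in the application controller, a newly added action is protected unless a controller explicitly opts out, so a forgotten "if logged_in?" can no longer leave an action open.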