Hi all,
I am wondering if anyone can help me or has had similar experiences before:
I am trying to authenticate users before allowing them to access certain actions (create, update, destroy) in my controller, e.g. items_controller. I have done this by using a before_filter that redirects them to a users_controller if session[:login] is nil. (e.g. items/update/25 redirects to users/login)
What I want to do is: 1. Preserve the original paramaters in all redirections (from items/ update/25 to users/login, users/login to users/authenticate, and users/ authenticate to items/update/25) 2. To make the authentication transparent to the actions (they need not care/know if the incoming request is a redirection due to authentication or if its a normal request).
I have come up with this incomplete solution: 1. I use flash to propagate the parameters (request.parameters) from items/update/25 to users/login to users/authenticate to items/update/ 25. I wasnt able to use session variables because it doesnt seem to be preserved across controllers (im not so sure about the reason). 2. I manually inserted the parameters back into params by applying a before_filter for the actions (create, update, destroy)
The problem I have for the above solution is: 1. Its not very transparent as I have to manually insert the parameters back to params, but worst of all 2. The redirection causes the request to become a GET not a POST and I have to turn off the verify code (the one generated by scaffolding) that restricts Create, Update, and Destroy actions to POST.
Does anyone have any advice for the above?
Best regards,
Jesse P.