I am wondering if anyone can help me or has had similar experiences
I am trying to authenticate users before allowing them to access
certain actions (create, update, destroy) in my controller, e.g.
items_controller. I have done this by using a before_filter that
redirects them to a users_controller if session[:login] is nil. (e.g.
items/update/25 redirects to users/login)
What I want to do is:
1. Preserve the original paramaters in all redirections (from items/
update/25 to users/login, users/login to users/authenticate, and users/
authenticate to items/update/25)
2. To make the authentication transparent to the actions (they need
not care/know if the incoming request is a redirection due to
authentication or if its a normal request).
I have come up with this incomplete solution:
1. I use flash to propagate the parameters (request.parameters) from
items/update/25 to users/login to users/authenticate to items/update/
25. I wasnt able to use session variables because it doesnt seem to be
preserved across controllers (im not so sure about the reason).
2. I manually inserted the parameters back into params by applying a
before_filter for the actions (create, update, destroy)
The problem I have for the above solution is:
1. Its not very transparent as I have to manually insert the
parameters back to params, but worst of all
2. The redirection causes the request to become a GET not a POST and I
have to turn off the verify code (the one generated by scaffolding)
that restricts Create, Update, and Destroy actions to POST.
Does anyone have any advice for the above?