Hey everybody,
I would like to know how to do simple password protection in rails a la <a href="http://writeboard.com>writeboard</a>. At writeboard, when a new writeboard object is created, the creator must assign a password, but not create a new user. Then, to access the newly-created writeboard, one must input only the password.
I'm sure this is pretty simple, but I'm quite new to rails. Thanks.
I'm sure there is a user created with the email that you give them.
Just the methods, no code:
First, assign password attribute to your model (i.e. table field) -- be it a Writeboard or whatever...
Depending on your own business rules a lot of things will determine how you process the password-entry --- i.e. do you now create a session so that the user can come back later today and view the Writeboard again? or does someone have to input the password everytime they hit the page? That depends on you... Below is the absolute "simplest" approach possible:
But simply put, you should easily be able to put a password field on the form where you create your Whiteboard that gets saved (possibly even validated for length/alphanum whatever) and - hopefully - encrypted.
When you render the show method (view) for the Writeboard, you'll check to see if there's a password param, which if so, you'll verify against the password belonging to the Writeboard, and if not, you'll render a page/popup/whatever that simply has a password input field that posts to the show method which will mean that now there will be a password param, so your controller will do the verification that what's entered (hopefully you're encrypting it to do your saves and checks) matches the Writeboard password.
Pseudo code:
def show look up the Writeboard by the id param is there a password param? yes? does the encrypted password param match the Writeboard password? yes? render the show view #default no? render some view with a password field no? render some view with a password field end
Do this once, then you'll find ways to refactor it so it's smaller. Again, this is the very super-simple approach -- there are infinite more complex possibilities, but if you're new to Rails, give this a go...
Cheers!
Keep up to date with Rails on Twitter and This Week in Rails
Policies: Conduct, License, Maintenance, Security, Trademarks