Unique URLs for authentication

Darren, a good design pattern that is useful for lots of models if
you're aiming for RESTfulness is to add a before_filter to your
controller. So, if I understood your question correctly:

class UsersController < ApplicationController
  before_filter :retrieve_user

  # Executed before every request if processed
  def retrieve_user
    @user = User.find(params[:id])
  end

  def confirm
    if @user.full_name == params[:full_name]
       head :ok
    else
       head :bad_request
    end
  end
end

Cheers, --Kip

Darren Jeacocke wrote:

Should have explained a little further, just in case.

> This doesn't work because it doesn't parse one, then the other...

> if @user = User.find(params[:id]) && @user.full_name ==
> params[:full_name]

Ruby will check the predicated of an 'if' statement in the order you
type them
and will therefore work as you expect. Except.....

A Model.find(id) will raise an exception if the id isn't found. This
will, by default,
cause Rails to send your 404 page (not found) which is pretty cool
really.
Because you don't have to get fussed about worry about the case where
the id
is not found in your app logic.

Thats why the before_filter I suggested works too. Your controller
action
code will only every get executed if the User.find(id) is successful
and you
just use the info retriieved.

Lastly, the pattern of /:controller/:id/:action is very common (and
how
RESTful resources work. Which means your before filter is going to be
just
as useful for your CRUD actions as well.

Cheers, --Kip