How to apply before_filter to every action of every controller in Rails 3.2.11? - ruby

I'd like to verify if the user is logged in on every single request to the server.
Something like:
before_filter :verify_logged_in
Where should I put that before_filter so it applies to all controller actions and all requests?

To ensure that filters apply to all actions, place it in the application_controller.rb.

Application Controller is the base class of all other classes.
If you put any filter in this class then the flow works as follows:
If you hit a URL, say of the users resource with some action, say the index action, then:
Control first goes to the Application Controller. There it checks for filters; if it finds any, it executes the filter method, and after that it goes to the index action of the users controller.
Application Controller:
class ApplicationController < ActionController::Base
  protect_from_forgery
  before_filter :verify_logged_in
end
Other Controller:
class UsersController < ApplicationController
  def index
  end
end
Here in the above code you can see that the other controller inherits the contents of the parent controller, which is the application controller. So if you put before_filter in the application controller, then for every user it will verify whether the user is logged in on each request.

Put before_filter in the base class (in the application_controller.rb file); it will work on the base and all its derived classes, such as:
class ApplicationController < ActionController::Base
  before_filter :set_locale

  # Use the requested locale, falling back to the default when none is given.
  def set_locale
    I18n.locale = params[:locale] || I18n.default_locale
  end
end
good luck :-)

Place it in the ApplicationController and inherit all other controllers from it. If you don't overwrite verify_logged_in in one of your sub-controllers it simply works.
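
The filter only reaches a controller that inherits from ApplicationController and neither skips nor redefines it. As an added example (not code from any of the answers), this plain-Ruby check scans controller source for those three escapes; the sample source and every controller name in it are constructed, and the regexes are a heuristic, not a Ruby parser.

```ruby
GLOBAL_FILTERS = %w[verify_logged_in verify_authenticity_token].freeze
CLASS_RE = /^\s*class\s+([\w:]+)\s*<\s*([\w:]+)/
SKIP_RE  = /^\s*skip_before_(?:filter|action)\s+(.+)/
DEF_RE   = /^\s*def\s+(\w+[!?]?)/

# Returns [controller, line_no, kind, filter] tuples; kind is :skipped,
# :overridden or :not_inherited.
def audit_controllers(source)
  findings = []
  klass = nil
  source.each_line.with_index(1) do |line, no|
    code = line.sub(/#.*/, '') # drop comments (heuristic: ignores '#' in strings)
    if (m = CLASS_RE.match(code))
      klass = m[1]
      # Subclassing ActionController::Base directly inherits none of the filters.
      if m[2] == 'ActionController::Base' && klass != 'ApplicationController'
        findings << [klass, no, :not_inherited, nil]
      end
    elsif (m = SKIP_RE.match(code))
      (m[1].scan(/:(\w+[!?]?)/).flatten & GLOBAL_FILTERS).each do |name|
        findings << [klass, no, :skipped, name]
      end
    elsif (m = DEF_RE.match(code)) && klass != 'ApplicationController' &&
          GLOBAL_FILTERS.include?(m[1])
      findings << [klass, no, :overridden, m[1]]
    end
  end
  findings
end

# Constructed sample; every controller name below is hypothetical.
SAMPLE = <<~RUBY
  class ApplicationController < ActionController::Base
    before_filter :verify_logged_in
    def verify_logged_in; end
  end
  class UsersController < ApplicationController
    def index; end
  end
  class WebhooksController < ApplicationController
    skip_before_filter :verify_logged_in, :only => [:create]
  end
  class ReportsController < ApplicationController
    def verify_logged_in; true; end
  end
  class StatusController < ActionController::Base; end
RUBY
audit_controllers(SAMPLE).each { |f| puts f.inspect }
```

Each finding is a place to confirm that the opt-out is intended and that some other check covers the affected actions.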

Related

Rails Nameerror with double namespace controller, namespaced model

Can't work out how to get around this. I'm using the mailboxer gem, who have recently updated to a namespaced model. Using the main controller, everything is fine, but I also have a namespaced views/controller for an admin section which is causing the issue.
Model name is
mailboxer_conversations
Main section code (working fine):
routes.rb
namespace :mailboxer, path: '', as: nil do
  resources :conversations, only: [:index, :show, :new, :create, :destroy], as: 'conversations', path: 'conversations' do
    member do
      post :reply
      post :trash
      post :untrash
    end
  end
end
controllers/mailboxer/conversations_controller.rb
class Mailboxer::ConversationsController < ApplicationController
end
The above is all working fine, the controller is namespaced with folders and I can access the Conversation model instance.
The below is the code I'm currently trying for the admin section, using the same model mailboxer_conversations.rb
routes.rb
namespace :admin do
  namespace :mailboxer, path: '', as: nil do
    resources :conversations, as: 'conversations', path: 'conversations'
  end
end
controllers/admin/mailboxer/conversations_controller.rb
class Admin::Mailboxer::ConversationsController < ApplicationController
end
With the above setup, I'm getting a nameerror uninit. constant 'Conversations'. Says to me that it can't access the model, is this because of the double namespace, it's expecting the model.rb file to be in a different folder i.e admin/mailboxer_conversations.rb? I can't move the model, as it's in a gem.
Thanks

Cannot skip CSRF security for controller

I want to disable CSRF security for one controller. My ApplicationController looks like this:
class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  protect_from_forgery with: :exception
end
And the controller where I want to skip it:
class HelpdeskInboxController < ApplicationController
  skip_before_action :authenticate_user!
  skip_before_action :verify_authenticity_token
  prepend_before_filter :require_no_authentication
  include Mandrill::Rails::WebHookProcessor
  authenticate_with_mandrill_keys! MANDRILL_CONFIG['WEBHOOKS']
end
And it isn't working; I get the error
Can't verify CSRF token authenticity
when Mandrill sends me an email.
I believe skip_before_action :verify_authenticity_token will only work with Rails 4. Try skip_before_filter instead.
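
With verify_authenticity_token skipped, the request signature is what keeps arbitrary senders from posting to this endpoint, which is the job of authenticate_with_mandrill_keys! in the question. The following is an added example, not the mandrill-rails gem's code or part of the original posts: a plain-Ruby check of the X-Mandrill-Signature scheme as Mandrill documents it, with hypothetical function names and a constructed key, URL and body.

```ruby
require 'openssl'

# String Mandrill signs: the webhook URL exactly as configured, followed by each
# POST parameter's key and value, sorted by key, with no delimiters.
def signed_payload(url, params)
  params.sort_by { |k, _| k.to_s }.reduce(url.dup) { |s, (k, v)| s << k.to_s << v.to_s }
end

# Base64 of HMAC-SHA1(webhook key, signed payload), the X-Mandrill-Signature format.
def mandrill_signature(key, url, params)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), key, signed_payload(url, params))
  [mac].pack('m0')
end

# Compare without leaking the position of the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# keys: all webhook keys accepted for this endpoint (more than one during rotation).
def authentic_webhook?(keys, url, params, header_sig)
  return false if header_sig.nil? || header_sig.empty?
  keys.any? { |key| secure_compare(mandrill_signature(key, url, params), header_sig) }
end

# Constructed values: the key, URL and event body are placeholders.
WEBHOOK_KEY = 'constructed-webhook-key'
WEBHOOK_URL = 'https://app.example.test/helpdesk_inbox'
PARAMS      = { 'mandrill_events' => '[{"event":"inbound"}]' }.freeze
SIGNATURE   = mandrill_signature(WEBHOOK_KEY, WEBHOOK_URL, PARAMS)

puts authentic_webhook?([WEBHOOK_KEY], WEBHOOK_URL, PARAMS, SIGNATURE)  # true
tampered = PARAMS.merge('mandrill_events' => '[]')
puts authentic_webhook?([WEBHOOK_KEY], WEBHOOK_URL, tampered, SIGNATURE) # false
puts authentic_webhook?([WEBHOOK_KEY], WEBHOOK_URL, PARAMS, nil)         # false
```

The URL passed in has to be the one registered for the webhook, not one rebuilt from the incoming request, or a proxy that rewrites the host or scheme will make every signature fail.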

Rails Routing Admin Error

I have this AdminController
class Admin::AdminController < ApplicationController
  before_filter :is_admin?
  def dashboard
  end
  def is_admin?
    redirect_to root_path, :flash => { :alert => "You are not an admin!" } if !current_user.admin?
  end
end
and this other controller that inherits from the above:
class Admin::CompetitionEntriesController < Admin::AdminController
  before_action :set_competition_entry, only: [:show, :edit, :update, :destroy]
  ....
end
My route file is:
Foo::Application.routes.draw do
  root 'competition_entries#index'
  devise_for :users
  resources :competition_entries
  namespace :admin do
    root 'admin#dashboard'
    resources :competition_entries
  end
  ....
  ..
  .
end
Now why am I getting this error when I am trying to reach 'http://localhost:3000/admin'
Missing template admin/admin/dashboard...
I am getting this extra admin? Why? I don't want to use scopes I want to use namespaces.
Thanks.
Routes do not affect default search paths for templates. If your controller class is named Foo::BarController, Rails will look for the templates in app/views/foo/bar/ unless you specify otherwise.

Overriding Session Controller Prevents custom views being used

Devise (2.1) was using my custom views fine until I told it to use a custom controller. Now it ignores my custom views.
Previously everything worked fine:
Tell Devise to use custom views in /config/devise.rb
# ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for
# "users/sessions/new". It's turned off by default because it's slower if you
# are using only default views.
config.scoped_views = true
Add custom view: /app/views/subscribers/session/new.html.erb
Set up routes in /config/routes.rb
devise_for :subscribers
Then I added a custom SubscriberSessionsController as /app/controllers/subscriber_session_controller.rb
class SubscriberSessionsController < Devise::SessionsController
  before_filter :isInIframe
  private
  def isInIframe
    #hide_navbar = session[:in_iframe]
  end
end
And modified /config/routes.rb to tell Devise to use this new controller instead of its default:
devise_for :subscribers, :controllers => {
  :sessions => "subscriber_sessions"
}
Once I restart my server, Devise now uses this controller but ignores my custom view.
As is so often the case, ten minutes after posting the question I cracked it.
The reason Devise wasn't finding the view was that it was looking for it in a different folder. My replacement controller was called subscriber_sessions.rb so Devise was no longer looking in views/subscribers/sessions but views/subscribers/subscriber_sessions.
I solved this problem with the following:
Changed my subscriber routes to:
devise_for :subscribers, :controllers => {
  :sessions => "subscribers/sessions"
}
Renamed my subscriber_sessions controller to just sessions and moved it into a subscribers folder so its new name & location are: app/controllers/subscribers/sessions_controller.rb
I also had to add a namespace to the class so the new sessions_controller.rb file looks like this:
class Subscribers::SessionsController < Devise::SessionsController
  before_filter :isInIframe
  private
  def isInIframe
    #hide_navbar = session[:in_iframe]
  end
end

How to access a page's URL in VoltRb

I'm trying to run some code on a controller in Volt, but only on certain pages. I've looked through the docs, but I'm not really sure how to get access to a given page's URL. Is there perhaps some hidden variable or something in the page model, like so?:
module Main
  class MyController < Volt::ModelController
    model :page
    def index
    end
    def template_page
      if page.url == "/foo/bar" # obviously, this doesn't actually work
        # run some code
      end
    end
  end
end
If you are using bindings in your URL, for example
client '/examples/{{ category }}/{{ example }}', controller: 'examples', action: 'template'
you can access those in the controller via the params collection:
params._category
params._example
In other cases your URL should be static anyway.
Sorry for the late reply. I added docs for the url method which is available from controllers:
http://docs.voltframework.com/en/docs/url.html
