Home arrow Ruby-on-Rails arrow Action Pack and Controller Filters

Action Pack and Controller Filters

In this fifteenth part of an eighteen-part series on the Action Pack library for Rails, you'll start learning how and why to use control filters. This article is excerpted from chapter six of the book Beginning Rails: From Novice to Professional, written by Jeffery Allan Hardy, Cloves Carneiro Jr. and Hampton Catlin (Apress; ISBN: 1590596862).

Author Info:
By: Apress Publishing
Rating: 5 stars5 stars5 stars5 stars5 stars / 3
July 14, 2011
  1. · Action Pack and Controller Filters
  2. · Requiring Authentication with Filters

print this article

Action Pack and Controller Filters
(Page 1 of 2 )

Using Controller Filters

Filters provide a way for you to perform operations either before or after an action is invoked. There’s even an around filter that can wrap the executing of an action. Of the three, the before filter is the most commonly used, so that’s what we’ll focus on here.

Here’s how it works: all the code you place in a before_filter will be run before the action in question is called. Pretty simple, really. But there’s a catch: if the before_ filter returns false, the action will not be executed. We often use this to protect certain actions that require a login. In our users controller, we want the new , create , login , and logout actions to remain open (anyone can access them), but we want to restrict all other actions to logged-in users. Here’s how we can do that using filters:

class UsersController < ApplicationController

before_filter :authenticate, :except => [:new, :create, :login, :logout] end

This will cause the authenticate method to be run before every action except those listed. Assume the authenticate method is defined on the application controller and is therefore available to every other controller in the system. If the authenticate method returns false, the requested action will not be executed, thereby protecting it from unauthorized visitors.

You can also use the :only modifier to specify that the filter is to run for only the given actions. We could have written the preceding example more concisely as follows:

before_filter :authenticate, :only => :show

Without the :only or :except modifiers, the filter will run for all actions.

Controller inheritance hierarchies share filters downwards, but subclasses can also add or skip filters without affecting the superclass. Let’s say you have applied a global filter to the application_controller , but you have a particular controller that you want to be exempt from filtration. You can use skip_before_filter , like this:

class ApplicationController < ActionController::Base

before_filter :authenticate_with_token end

class PublicController < ApplicationController

# We don't want to check for a token on this controller

skip_before_filter :authenticate_with_token end

Filters are a fairly involved topic, and we’ve only scratched the surface here. Still, we’ve shown you the most common usage pattern: protecting actions. For more information about filters, including usage examples, check out the Rails API documentation at http://api.rubyonrails.com/classes/ActionController/Filters/ClassMethods.html .

blog comments powered by Disqus

- Ruby-on-Rails Faces Second Security Flaw in ...
- Ruby 2.0 Prepped for February 2013 Release
- Why LinkedIn Switched from Ruby on Rails
- Adding Style with Action Pack
- Handling HTML in Templates with Action Pack
- Filters, Controllers and Helpers in Action P...
- Action Pack and Controller Filters
- Action Pack Categories and Events
- Logging Out, Events and Templates with Actio...
- Action Pack Sessions and Architecture
- More on Action Pack Partial Templates
- Action Pack Partial Templates
- Displaying Error Messages with the Action Pa...
- Action Pack Request Parameters
- Creating an Action Pack Registration Form

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 

Developer Shed Affiliates


© 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials