Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Ruby > rails guides - getting started - section 10 security

Reply
Thread Tools

rails guides - getting started - section 10 security

 
 
compusaurus
Guest
Posts: n/a
 
      05-09-2011
The example doesn't work as described for me; not sure if I haven't
followed it right, or there's a problem with the code. Can someone
help me to determine what the problem is.

Specifically, after adding the authentication code to the
PostsController, with this line:

before_filter :authenticate, :except => [:index, :show]

The guide says that "we want the user to be authenticated on every
action, except for index and show", however, it only authenticates on
the new post and edit options; it doesn't authenticate on destroy.

Sincere thanks in advance to anyone who can help shed light on this
issue!

Here's my code:
----------------------------------------------------------------------------------------------

class ApplicationController < ActionController::Base
protect_from_forgery
private

def authenticate
authenticate_or_request_with_http_basic do |user_name, password|
user_name == 'admin' && password == 'password'
end
end
end

----------------------------------------------------------------------------------------------
class PostsController < ApplicationController

before_filter :authenticate, :except => [:index, :show]

# GET /posts
# GET /posts.xml
def index
@posts = Post.all

respond_to do |format|
format.html # index.html.erb
format.xml { render ml => @posts }
end
end

# GET /posts/1
# GET /posts/1.xml
def show
@post = Post.find(params[:id])

respond_to do |format|
format.html # show.html.erb
format.xml { render ml => @post }
end
end

# GET /posts/new
# GET /posts/new.xml
def new
@post = Post.new

respond_to do |format|
format.html # new.html.erb
format.xml { render ml => @post }
end
end

# GET /posts/1/edit
def edit
@post = Post.find(params[:id])
end

# POST /posts
# POST /posts.xml
def create
@post = Post.new(params[ost])

respond_to do |format|
if @post.save
format.html { redirect_to(@post, :notice => 'Post was
successfully created.') }
format.xml { render ml => @post, :status
=> :created, :location => @post }
else
format.html { render :action => "new" }
format.xml { render ml => @post.errors, :status
=> :unprocessable_entity }
end
end
end

# PUT /posts/1
# PUT /posts/1.xml
def update
@post = Post.find(params[:id])

respond_to do |format|
if @post.update_attributes(params[ost])
format.html { redirect_to(@post, :notice => 'Post was
successfully updated.') }
format.xml { head k }
else
format.html { render :action => "edit" }
format.xml { render ml => @post.errors, :status
=> :unprocessable_entity }
end
end
end

# DELETE /posts/1
# DELETE /posts/1.xml
def destroy
@post = Post.find(params[:id])
@post.destroy

respond_to do |format|
format.html { redirect_to(posts_url) }
format.xml { head k }
end
end
end
 
Reply With Quote
 
 
 
 
7stud --
Guest
Posts: n/a
 
      05-09-2011
rails != ruby

--
Posted via http://www.ruby-forum.com/.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
section with in a section config file and reading that config file kampy Python 9 10-19-2012 10:59 PM
Getting Started with Ruby 1.9, Rails and SQLite3, All on Windows. Luis Lavena Ruby 1 07-06-2009 11:42 PM
Getting Started with Ruby 1.9, Rails and MySQL, All on Windows. Luis Lavena Ruby 0 07-06-2009 10:58 PM
[ADV] Workshop for Getting Started with Ruby on Rails in Vancouver / Sept. 8 Nathaniel Brown Ruby 0 08-30-2006 10:51 PM
getting started with rails for win32 Phlip Ruby 6 11-08-2004 03:52 AM



Advertisments