I’m using Devise for authentication for my site. An unauthenticated visitor should be able to only see: the welcome page, the sign-up page, and the login page. To unauthenticated visitors, all other pages/routes would be wholly inaccessible.
I looked at Cancan, but that seems like much, much more than I need.
I saw something else that suggested doing it at the Apache level, but life is way to short to be mucking around with web server settings.
I saw an article or two on using a session or user based before_filter, but it looks like I would have to modify each method in each controller.
Is there some other approach? It would be great if I could identify my routes as those publicly accessible and those requiring authentication. Is that possible? Or can I easily disable a complete controller based on current_user?
Just looking for something that is very simple and straightforward. Extra credit for something that errors-out gracefully. 🙂
Just add a method to Application Controller that forbids access to nonauthenticated users (using
before_filter) and overwrite this method for controllers where you want to give them access.So in application controller:
And to grant access to some pages and in their controller:
Or add some more logic to grant access only to some actions within the controller.