Home/ Questions/Q 6341689
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T20:05:16+00:00

right now my app has a Pages model. Anyone with the url, /pages/3 can

  • 0

right now my app has a Pages model. Anyone with the url, /pages/3 can view a page. I want to make makes have the option of public or private.

  • If public anyone with the URL can view.

  • If the page if private, only users that enter a password should be able to view the page.

Right now the page is rendered with the Page#Show controller. What’s the right way to go about handling this so that when a user tries to access a private page they first need to enter a password correctly and then they can view the page? How would I structure this in the controller?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Since you are using cancan:

    def show
  @page = Page.find(params[:id])
  authorize! :read, @page
end

    This will raise a CanCan::AccessDenied error (if the user isn’t logged in or isn’t authorized), which can be caught like so (docs):

    class ApplicationController < ActionController::Base
  rescue_from CanCan::AccessDenied do |exception|
    # Save the requested path in the user's session
    session[:return_to] = request.fullpath
    # Send the user to the sign in page
    redirect_to sign_in_path, :alert => exception.message
  end
end

    Depending on your authentication system, on a successful sign-in, in your sessions controller you can:

    redirect_to session[:return_to] || your_default_after_sign_in_path
# Clear the :return_to value
session[:return_to] = nil

    I may be missing some details, but this is the gist of it. Best of luck.

    EDIT:
    I should attribute the friendly forwarding part of my answer to Michael Hartl and his book.

    • 0