Agile Web Development with Rails, Edition 5

15.4 Iteration J4: Adding a Sidebar 15.2 Iteration J2: Authenticating Users

15.3 Iteration J3: Limiting Access

require authorization before every access

edit app/controllers/application_controller.rb
class ApplicationController < ActionController::Base
  before_action :authorize
 
    # ...
 
  protected
 
    def authorize
      unless User.find_by(id: session[:user_id])
        redirect_to login_url, notice: "Please log in"
      end
    end
end

whitelist the sessions and store controllers

edit app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
  skip_before_action :authorize
edit app/controllers/store_controller.rb
class StoreController < ApplicationController
  skip_before_action :authorize

whitelist cart operations

edit app/controllers/carts_controller.rb
class CartsController < ApplicationController
  skip_before_action :authorize, only: [:create, :update, :destroy]
  # ...
  private
  # ...
 
    def invalid_cart
      logger.error "Attempt to access invalid cart #{params[:id]}"
      redirect_to store_index_url, notice: 'Invalid cart'
    end
end

whitelist line_item operations

edit app/controllers/line_items_controller.rb
class LineItemsController < ApplicationController
  skip_before_action :authorize, only: :create

whitelist order operations

edit app/controllers/orders_controller.rb
class OrdersController < ApplicationController
  skip_before_action :authorize, only: [:new, :create]

Cause all tests to do an implicit login

edit test/test_helper.rb
ENV['RAILS_ENV'] ||= 'test'
require File.expand_path('../../config/environment', __FILE__)
require 'rails/test_help'
 
class ActiveSupport::TestCase
  # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
  fixtures :all
 
  # Add more helper methods to be used by all tests here...
end
class ActionDispatch::IntegrationTest
  def login_as(user)
    post login_url, params: { name: user.name, password: 'secret' }
  end
 
  def logout
    delete logout_url
  end
 
  def setup
    login_as users(:one)
  end
end

Show that the now pass

rails test
Run options: --seed 62827
 
# Running:
 
........................................................
 
Finished in 4.522228s, 12.3833 runs/s, 33.8329 assertions/s.
 
56 runs, 153 assertions, 0 failures, 0 errors, 0 skips

15.4 Iteration J4: Adding a Sidebar 15.2 Iteration J2: Authenticating Users