Skip to content

Authenticated Route Constraints #1147

Merged
merged 4 commits into from Jun 23, 2011

6 participants

@sj26
sj26 commented Jun 18, 2011

Allows routing based on authentication state, optionally by scope.

The example included in the comments for #authenticated:

authenticated :admin do
  root :to => 'admin/dashboard#show'
end

authenticated do
  root :to => 'dashboard#show'
end

root :to => 'landing#show'
@josevalim
Plataformatec member

Thanks for the pull request, but why would I use authenticated instead of authenticated?

@vijaydev

@josevalim what's the question again? :)

@josevalim
Plataformatec member

Hahaha, LOL, sorry.

The question is: why would I use authenticated instead of the existing authenticate?

@sj26
sj26 commented Jun 18, 2011

@josevalim: because authenticate forces authentication, authenticated only checks for it.

With authenticated I can provide the same path twice but route differently based on authentication state. A classic example is github itself. Unauthenticated users see a landing page extorting github's virtue, authenticated users see a dashboard of recent activity and repositories, both at the root URL.

@josevalim
Plataformatec member

Oh, that's great. I like it. Could you please provide tests then?

@sj26
sj26 commented Jun 19, 2011

Awesome, yeah, I wanted to get feedback before doing so. I'll chuck some together now, cheers!

@josevalim
Plataformatec member

Hey mate, any news? I am planning to release Devise 1.4 in the next 24 hours. So if you can add tests, we can get it in!

@sj26
sj26 commented Jun 23, 2011

Oh man, okay, I'll get cracking.

(Opposite timezone fail.)

sj26 added some commits Jun 23, 2011
@sj26 sj26 Switch to Warden::Proxy#authenticate?
Warden::Proxy#authenticated? and Warden::Proxy#unauthenticated? don't try strategies first.
8012285
@sj26 sj26 Tests. e75354b
@sj26
sj26 commented Jun 23, 2011

Fully tested. Caught a problem the last commit, too. -.-

@josevalim josevalim merged commit f43a7c4 into plataformatec:master Jun 23, 2011
@deepakinseattle

This is a great addition to devise. Thanks sj26 for contributing and josevalim for merging!

@volkanunsal

This feature would be even better if we could specify some pages that be shown only to unauthenticated users. Like the registration and login pages, for instance. Then anyone requesting those pages can be redirected to the landing page for that model.

@josevalim
Plataformatec member

unauthenticated was added to Devise later with exactly this behavior.

@sj26
sj26 commented Aug 24, 2011

... or you could just have later routes which, implicitly, are unauthenticated:

authenticated do
  root :to => :dashboard
end

# unauthenticated:
root :to => :home
@sj26
sj26 commented Aug 24, 2011

Oh, nevermind, I get you might want to have routes only accessible to unauthenticated users unmasked by authenticated routes.

Also, useful for skipping a whole section of unauthenticated routes as an efficiency gain.

@volkanunsal

Isn't unauthenticated the same as the default root path? What I had in mind was more like a way of making sure authenticated users never get to see "new registration" and "new session" pages. It would be a way of doing the same thing as what this line from my registrations_controller.rb is doing right now:

redirect_to stored_location_for(current_user) if signed_in?

My proposed syntax for it would be:

authenticated, :force =>[:registrations,:sessions] do 
    as :user do
      root :to      => "pages#index"
    end
end

(Unless there is already a way of doing the same from the controller that I am not aware of.)

@codyolsen

@sj26, @josevalim: Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.