Authenticated Route Constraints

[sj26]

Allows routing based on authentication state, optionally by scope.

The example included in the comments for #authenticated:

authenticated :admin do
  root :to => 'admin/dashboard#show'
end

authenticated do
  root :to => 'dashboard#show'
end

root :to => 'landing#show'

[josevalim]

Thanks for the pull request, but why would I use authenticated instead of authenticated?

[vijaydev]

@josevalim what's the question again? :)

[josevalim]

Hahaha, LOL, sorry.

The question is: why would I use authenticated instead of the existing authenticate?

[sj26]

@josevalim: because authenticate forces authentication, authenticated only checks for it.

With authenticated I can provide the same path twice but route differently based on authentication state. A classic example is github itself. Unauthenticated users see a landing page extorting github's virtue, authenticated users see a dashboard of recent activity and repositories, both at the root URL.

[josevalim]

Oh, that's great. I like it. Could you please provide tests then?

[sj26]

Awesome, yeah, I wanted to get feedback before doing so. I'll chuck some together now, cheers!

[josevalim]

Hey mate, any news? I am planning to release Devise 1.4 in the next 24 hours. So if you can add tests, we can get it in!

[sj26]

Oh man, okay, I'll get cracking.

(Opposite timezone fail.)

[sj26]

Fully tested. Caught a problem the last commit, too. -.-

[deepakinseattle]

This is a great addition to devise. Thanks sj26 for contributing and josevalim for merging!

[volkanunsal]

This feature would be even better if we could specify some pages that be shown only to unauthenticated users. Like the registration and login pages, for instance. Then anyone requesting those pages can be redirected to the landing page for that model.

[josevalim]

unauthenticated was added to Devise later with exactly this behavior.

[sj26]

... or you could just have later routes which, implicitly, are unauthenticated:

authenticated do
  root :to => :dashboard
end

# unauthenticated:
root :to => :home

[sj26]

Oh, nevermind, I get you might want to have routes only accessible to unauthenticated users unmasked by authenticated routes.

Also, useful for skipping a whole section of unauthenticated routes as an efficiency gain.

[volkanunsal]

Isn't unauthenticated the same as the default root path? What I had in mind was more like a way of making sure authenticated users never get to see "new registration" and "new session" pages. It would be a way of doing the same thing as what this line from my registrations_controller.rb is doing right now:

redirect_to stored_location_for(current_user) if signed_in?

My proposed syntax for it would be:

authenticated, :force =>[:registrations,:sessions] do 
    as :user do
      root :to      => "pages#index"
    end
end

(Unless there is already a way of doing the same from the controller that I am not aware of.)

[codyolsen]

@sj26, @josevalim: Thank you!