Rails 5 Basics: Restricting Operations


  • To learn how to use simple HTTP authentication to restrict access to actions


Step 1

Add the following code to the top of the articles_controller.rb:

class ArticlesController < ApplicationController

  # Require HTTP basic authentication for every action except index and show
  http_basic_authenticate_with name: 'welcome',
                               password: 'secret',
                               except: [:index, :show]

  # actions such as index, new etc. omitted here
end

This declaration protects the create, edit and delete functionality. Read-only operations such as show and index are not protected.

Step 2

Reload the articles index page: http://localhost:3000/articles.

Step 3

Click 'Delete' for any of the articles. You will see a popup asking for authentication.

Step 4

For user name, enter welcome and for password enter secret. Click 'Login'. Now the record will be deleted.
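
What the browser sends after Step 4, as an added example that is not part of the original tutorial and not Rails' own implementation: the credentials travel in an Authorization header as Base64 of name:password, which is an encoding and not encryption, so outside localhost this form of login needs HTTPS and the credentials should come from the environment, not from the controller source. The helper names and the BLOG_ADMIN_* variable names are assumptions.

```ruby
require "digest"

# Constant-time comparison: hash both sides to equal length, then XOR every byte.
def secure_compare(a, b)
  da = Digest::SHA256.digest(a).bytes
  db = Digest::SHA256.digest(b).bytes
  da.zip(db).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# Parse an "Authorization: Basic ..." header value into [name, password].
# Returns nil for a missing header, another scheme, or a payload without ":".
def parse_basic(header)
  scheme, payload = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  decoded = payload.unpack1("m")   # "m" is Base64; anyone on the path can do this
  return nil unless decoded.include?(":")
  decoded.split(":", 2)            # the password may itself contain ":"
end

# Hypothetical check standing in for what the controller declaration enforces.
def authorized?(header, expected_name:, expected_password:)
  name, password = parse_basic(header)
  return false if name.nil?
  # Evaluate both comparisons so timing does not reveal which field was wrong.
  name_ok = secure_compare(name, expected_name)
  pass_ok = secure_compare(password, expected_password)
  name_ok & pass_ok
end

# Constructed sample: the header a browser sends for welcome / secret.
SAMPLE_HEADER = "Basic " + ["welcome:secret"].pack("m0")

if __FILE__ == $PROGRAM_NAME
  # Assumed variable names; the defaults are the tutorial's demo values only.
  name = ENV.fetch("BLOG_ADMIN_NAME", "welcome")
  pass = ENV.fetch("BLOG_ADMIN_PASSWORD", "secret")
  puts SAMPLE_HEADER
  puts parse_basic(SAMPLE_HEADER).inspect
  puts authorized?(SAMPLE_HEADER, expected_name: name, expected_password: pass)
end
```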

Exercise 1

Use HTTP basic authentication to protect deleting comments on the articles show page.


This completes our quick tour of Rails 5. If you have developed the blog application following the 12 lessons, you will now have a strong foundation to build upon by reading other Rails books to continue your journey to master the Rails framework. Good luck.
