Rails 5 Basics : Restricting Operations
- To learn how to use simple HTTP authentication to restrict access to actions
Add the following code to the top of the
class ArticlesController < ApplicationController http_basic_authenticate_with name: 'welcome', password: 'secret', except: [:index, :show] <!-- actions such as index, new etc omitted here --> end
This declaration protects the creating, editing and deleting functionality. Read only operations such as show and index are not protected.
Reload the articles index page :
Click 'Delete' for any of the article. You will see popup for authentication.
For user name, enter welcome and for password enter secret. Click 'Login'. Now the record will be deleted.
Use http basic authentication to protect deleting comments in the articles show page.
This completes our quick tour of Rails 5. If you have developed the blog application following the 12 lessons you will now have a strong foundation to build upon by reading other Rails books to continue your journey to master the Rails framework. Good luck.