Rails 5 Basics : Restricting Operations


  • To learn how to use simple HTTP authentication to restrict access to actions


Step 1

Add the following code to the top of articles_controller.rb:

class ArticlesController < ApplicationController

  # Require HTTP Basic credentials for every action except index and show
  http_basic_authenticate_with name: 'welcome',
                               password: 'secret',
                               except: [:index, :show]

  # actions such as index, new, etc. omitted here
end

This declaration protects the creating, editing and deleting functionality. Read-only operations such as show and index are not protected.

Step 2

Reload the articles index page: http://localhost:3000/articles.

Step 3

Click 'Delete' for any of the articles. You will see a popup asking for authentication.

Step 4

For the user name, enter welcome, and for the password, enter secret. Click 'Login'. The record will now be deleted.
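
What the declaration from Step 1 checks on each request, as an added plain-Ruby sketch that is not part of the original tutorial and is not Rails' own code. It shows that the browser sends the name and password only Base64-encoded (so the app should be served over HTTPS) and that the expected password can come from configuration instead of source; the method names and the BLOG_ADMIN_* environment variables are hypothetical.

```ruby
# Added example: plain-Ruby sketch of an HTTP Basic check like the one the
# Step 1 declaration installs. All method names here are hypothetical.
require 'digest'

PUBLIC_ACTIONS = %i[index show].freeze # mirrors except: [:index, :show]

# Compare fixed-length digests with no early exit, so timing does not
# reveal how many leading characters of a guess were correct.
def secure_equal?(given, expected)
  a = Digest::SHA256.digest(given).bytes
  b = Digest::SHA256.digest(expected).bytes
  a.zip(b).reduce(0) { |diff, (l, r)| diff | (l ^ r) }.zero?
end

# Decode "Basic <base64(name:password)>"; returns [name, password] or nil.
def decode_basic(header)
  scheme, payload = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && payload

  name, password = payload.unpack1('m0').split(':', 2)
  password ? [name, password] : nil
rescue ArgumentError # payload is not valid Base64
  nil
end

# Returns the HTTP status the filter would produce for this request.
def authorize(action, header, name:, password:)
  return 200 if PUBLIC_ACTIONS.include?(action)

  given = decode_basic(header)
  return 401 unless given

  # & (not &&) so both comparisons always run.
  ok = secure_equal?(given[0], name) & secure_equal?(given[1], password)
  ok ? 200 : 401
end

# Constructed sample: the tutorial's credentials as a browser would send them.
SAMPLE_HEADER = 'Basic ' + ['welcome:secret'].pack('m0')

if __FILE__ == $PROGRAM_NAME
  # Assumption: a real app reads these from the environment, not from source.
  creds = { name: ENV.fetch('BLOG_ADMIN_NAME', 'welcome'),
            password: ENV.fetch('BLOG_ADMIN_PASSWORD', 'secret') }
  puts SAMPLE_HEADER # the header is reversible encoding, not encryption
  puts authorize(:destroy, SAMPLE_HEADER, **creds)
  puts authorize(:destroy, nil, **creds)
end
```
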

Exercise 1

Use HTTP basic authentication to protect deleting comments in the articles show page.


This completes our quick tour of Rails 5. If you have developed the blog application by following the 12 lessons, you now have a strong foundation to build upon by reading other Rails books as you continue your journey to master the Rails framework. Good luck.

