Rails 5 Basics : Restricting Operations


  • To learn how to use simple HTTP authentication to restrict access to actions


Step 1

Add the following code to the top of the articles_controller.rb:

class ArticlesController < ApplicationController

  http_basic_authenticate_with name: 'welcome', 
  password: 'secret', 
  except: [:index, :show]

  <!-- actions such as index, new etc omitted here -->

This declaration protects the creating, editing and deleting functionality. Read only operations such as show and index are not protected.

Step 2

Reload the articles index page : http://localhost:3000/articles.

Step 3

Click 'Delete' for any of the article. You will see popup for authentication.

Step 4

For user name, enter welcome and for password enter secret. Click 'Login'. Now the record will be deleted.

Exercise 1

Use http basic authentication to protect deleting comments in the articles show page.


This completes our quick tour of Rails 5. If you have developed the blog application following the 12 lessons you will now have a strong foundation to build upon by reading other Rails books to continue your journey to master the Rails framework. Good luck.

Related Articles

Ace the Technical Interview

  • Easily find the gaps in your knowledge
  • Get customized lessons based on where you are
  • Take consistent action everyday
  • Builtin accountability to keep you on track
  • You will solve bigger problems over time
  • Get the job of your dreams

Take the 30 Day Coding Skills Challenge

Gain confidence to attend the interview

No spam ever. Unsubscribe anytime.