restful_authentication applied to only an action within a controller?

Question

I have installed and implemented the plugin restful_authentication from technoweenie.

My application is, for the most part, intended to be open, except for the case of say, writing a review.

So I have a reviews_controller.rb, but the only time I want to care whether the user is logged in or not is when they are submitting a specific action add_review.

add_review is an action on the vendor_controller.rb because the form is displayed on vendors/show. Then it redirects back to vendor/show to show the update (thinking of changing this to ajax).

If the person is NOT logged in, I want it to redirect to the login/signup page.

The instructions for restful_authentication show applying the include AuthenticatedSystem at the controller level, but I don't want to be authenticating with other actions in that controller.

How do I do this?

Answer 1

Include the AuthenticatedSystem module in the controller you need it for (or ApplicationController if you need it for more than one), and then use the before_filter applied only to the actions you want, e.g.:

class VendorsController < ApplicationController
  include AuthenticatedSystem
  before_filter :login_required, :only => [:add_review]
end

Answer 2

I implore you to use the restful create action rather than your own add_review action. Read more about restful routing at: http://guides.rubyonrails.org/routing.html