Require a user to be logged in (Rails)

How do I guarantee that users only access the routes on my web app if they are logged in? I already have Users and Session models and users are able to create accounts. But how do I make sure that if they are not logged in they are always redirected to the login/sign up page, but if they are, they have access to all the routes?

EDIT: So this is what my Application Controller looks like right now:

    class ApplicationController < ActionController::Base
      protect_from_forgery with: :exception
      helper_method :current_user

      private

      def current_user
        @current_user ||= User.find(session[:user_id]) if session[:user_id]
      end
    end

So if there isn't a current user, I want to allow access only to my Pages controller and its actions (which are basically home, signup, login, etc.). If there is a user, on the other hand, I want that user to be able to access all the routes in my route file.

    class SomeController < ApplicationController
      def show
        if current_user.nil?
          redirect_to '/path/to/login'
        end
      end
    end

I could probably give a more detailed answer if you paste in some code; otherwise we are all just guessing what your methods are called.

If you are using Devise, it comes with the built-in helper method authenticate_user! which should be placed in your application controller.

If you are not using Devise, you can define your own method authenticate_user! (for this example I will copy Devise) in the application controller and call it in a before action:

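    class ApplicationController < ActionController::Base
      # Runs before every action in every controller that inherits from this one.
      # Controllers that serve public pages must opt out, otherwise the
      # redirect to :root below loops for logged-out visitors.
      before_action :authenticate_user!

      def current_user
        # find_by returns nil for a stale session id; find would raise RecordNotFound.
        @current_user ||= User.find_by(id: session[:user_id]) if session[:user_id]
      end
      # hide_action exists in Rails 4.x and earlier only; on Rails 5+ make
      # current_user private instead.
      hide_action :current_user

      private

      # Send anyone without a valid session back to the root page.
      def authenticate_user!
        redirect_to :root if current_user.nil?
      end
    end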
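
The default-deny arrangement the question asks for (every controller requires a login, only the Pages controller opts out), as an added example that is not from the original posts. MiniController is a hypothetical, simplified stand-in for ActionController::Base so the pattern runs without Rails; USERS is constructed sample data and "/login" is an assumed path.

```ruby
# Added example. MiniController is a hypothetical stand-in for
# ActionController::Base with simplified before_action/skip_before_action.
User = Struct.new(:id)
USERS = { 1 => User.new(1) }.freeze # constructed sample data

class MiniController
  class << self
    # Each subclass starts from a copy of its parent's filter list.
    def filters
      @filters ||= superclass.respond_to?(:filters) ? superclass.filters.dup : []
    end

    def before_action(name)
      filters << name unless filters.include?(name)
    end

    def skip_before_action(name)
      filters.delete(name)
    end
  end

  attr_reader :session, :redirected_to
  def initialize(session); @session = session; end
  def redirect_to(target); @redirected_to = target; end

  # Run each filter; the action is reached only if none redirected.
  def process(action)
    self.class.filters.each do |filter|
      send(filter)
      return [:redirect, redirected_to] if redirected_to
    end
    [:ok, public_send(action)]
  end
end

class ApplicationController < MiniController
  before_action :authenticate_user! # default deny for every subclass
  private
  # Hash lookup plays the role of User.find_by(id: ...): nil for a stale id.
  def current_user; @current_user ||= USERS[session[:user_id]]; end
  def authenticate_user!; redirect_to "/login" if current_user.nil?; end
end

class PagesController < ApplicationController
  skip_before_action :authenticate_user! # home, signup, login stay public
  def login; "login form"; end
end

class AccountsController < ApplicationController
  def show; "account of user #{current_user.id}"; end
end
```

In a real Rails app only the `before_action` and `skip_before_action` lines and the two private methods carry over; a controller added later is protected without any further change.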
