0
votes

I am using authlogic for authentication in my Rails app. Have named routes for the frequent actions, viz:

map.login "login", :controller => "user_sessions", :action => "new"

map.logout "logout", :controller => "user_sessions", :action => "destroy"

map.register "register", :controller => "users", :action => "new"

map.edit 'user/edit/:id', :controller => "users", :action => "edit"

But also in my routes.rb i have these automatically created REST routes too:

map.resources :user_sessions

map.resources :users

The problem now is that a user can login from two different routes. Ex: From, http://localhost/login and also from http ://localhost/user_sessions/new. How do i restrict access only from the named route i have defined and not allow from user_sessions/new?

1

1 Answers

1
votes

You need to exclude new action from your restful routes. Very simple:

map.resources :user_sessions, :except => [:new]

See the marvellous ApiDock for reference.