I have a controller action that I need to call using AJAX. So I used skip_before_filter to turn off the requirement that I be logged in for that particular call.
That works, but on subsequent requests, I get redirected to the login form. How can I avoid this?
Here's the filter code in the controller:
protect_from_forgery
before_filter :logged_in?
skip_before_filter :logged_in?, :only => [:toggle_waiver]
Here's the controller action:
def toggle_waiver
@household = Household.find(params[:household_id])
@household.update_attributes(:waive_latefee => params[:bool])
render :nothing => true
end
The logged_in? method is simply a home grown one:
def self.authenticate(username, password)
user = find_by_username(username)
if user && user.password_hash == BCrypt::Engine.hash_secret(password, user.password_salt)
user
else
nil
end
end
Is there a better way to be doing this? (I'm using Rails 3... don't judge me) :-)
Aucun commentaire:
Enregistrer un commentaire