Have you ever followed geddy's todo list tutorial and then thought: “Awesome, I just finished every ruby tutorial ever. How do I add in Authentication?” You may have then landed on their git pages in regard to requiring authentication. If so, then YOU‘RE DOING JUST WHAT I DID. OMG. HOW’D IT GO FOR YOU? I had a little trouble with the part of the code that had the before filter excludes, like this:

application.js

var Application = function () {
  this.protectFromForgery();
  this.before(requireAuthorization, {
    except: ['authorize', 'healthcheck']
  , async: true
  });
};

All was well and good until NARF! I only want to force a login if the person is trying to add or edit a post. Here‘s some things that didn’t work:

except: ['todos']
only: ['todos/add']
only: ['todos/:id/add']

I tried many many other iterations of this, building frustration on frustration until finally I thought to myself: "Self, you typed geddy scaffold todo, why do you keep referencing the plural?". Well, I‘m referencing the plural because geddy creates the view and the controller in the plural. My assumption/guess was that this was how it was using the filter on before. WRONG. It’s using the singular, model name for the filter, or a static page possibly (I don‘t know, I haven’t tested).

So my code finally looked like this:

application.js

var Application = function () {
  this.protectFromForgery();
  this.before(Authorization, {
    except: ['todo', 'authorize', 'index']
  , async: true
  });
};

(Who knew index would be the filter for /???)

I wanted to take a white list approach, so trying out only instead of except was really a confused act of desparation.

For more information you might check out the geddy api docs, or the before filter docs.