Devise::RegistrationsController#show

I have a controller which inherits from Devise::RegistrationsController. I have added a show action to the controller. T开发者_如何学Pythonhe problem is that even when the user is logged out they can access this action even though at the top of my controller I have:

before_filter :authenticate_user!, :except => [:new, :create]

Why isn't authenticate_user! disallowing access to my show action?

I tested this with one of my application. The filter authentication_person! (it's person in my case) works well for all other controllers but doesn't work for controller inherited from Devise::RegistrationsController. This may be an issue or limitation with devise. Needs to be added to issues discussion at github.

The other workaround can be to create a filter method should_be_logged_in? into the application controller and then checking for person_signed_in? helper and redirecting accordingly.

Might be an issue with auth scope.. try adding the following to you controller:

prepend_before_filter :authenticate_scope!, :only => [:edit, :update, :destroy, :show]